Career at EarthLink
We are approaching our vision to be pioneers and innovators of Internet services and technology solutions for the future. Moreover, about to achieve our mission by providing fast, flexible and accurate services to businesses, and leading our customers through changing technology world
We are looking for talented people to be part of our team and go along with our challenging journey.
Want to know more about EarthLink? See how we roll Life Inside Earthlink
DFIR Section Head
Information Security
Baghdad Governorate
Description
The Threat Analysis and DFIR Section Head will lead a team responsible for developing, analyzing, and coordinating cyber threat intelligence, he/she will lead the team in conducting thorough digital forensic investigations and incident response activities to mitigate cybersecurity incidents effectively. he/she will also oversee malware analysis efforts to understand and counteract sophisticated threats. As a leader in the field, he/she will play a critical role in guiding the team toward effective threat mitigation strategies and ensuring the organization's cybersecurity posture remains resilient in the face of evolving threats.
Job Duties:
Lead digital forensic investigations and incident response efforts, ensuring timely identification, containment, eradication, and recovery from cyber incidents.
Monitor and analyze digital evidence and network traffic for security incidents, leveraging honeypots to detect and study malicious activities and intrusions, enhancing our understanding of emerging threats and attack vectors.
Manage the identification and analysis of threat actors and tactics, coordinating team efforts to uncover sophisticated attack methodologies and provide actionable insights for proactive threat mitigation.
Plan and deploy digital forensic tools and resources, optimizing their utilization for efficient and accurate analysis. Additionally, oversee the digital forensic toolkit to address evolving cyber threats.
Lead the creation and implementation of detailed incident response plans, collaborating across teams to refine strategies and ensure swift, effective responses to cyber incidents, increasing organizational resilience.
Managing honeypots to gather threat intelligence, ensuring their deployment and maintenance. Utilize honeypot data to enhance understanding of emerging threats and adversary tactics.
Oversee the collection and analysis of threat intelligence from various sources, collaborating to enhance organizational resilience against cyber threats.
Generate timely incident reports and threat assessments, providing actionable insights to stakeholders and contributing to proactive defense strategies.
Manage a team of analysts specializing in advanced malware analysis to identify, mitigate, and respond to malicious software threats effectively.
Collaborate with cross-functional teams for incident response coordination, fostering a cohesive and proactive approach to cybersecurity.
Requirements
Bachelor degree in Computer Science, Computer Engineering, or any related engineering degree.
(8+) Years in software development, automation, system engineering, information security and DFIR.
Knowledge:
- Good knowledge of threat intelligence standards and frameworks such as OpenIoC, STIX, TAXII, Yara, and detection rules.
- Knowledge of cyber threats, vulnerabilities, Reverse Engineering, regex, databases, and programming languages.
- Proficiency in analyzing advanced malware threats and identifying malicious software behaviors.
- Ability to perform static and dynamic malware analysis.
- Developing strategies to mitigate and respond to malware attacks effectively.
- Demonstrated ability to mentor and develop team members, fostering a culture of collaboration, innovation, and continuous learning.
- Proven experience in managing complex projects and initiatives, with a focus on delivering results within established timelines and budgets.
- In-depth understanding of automation and information security technologies and protocols.
- The ability to stay anonymous while surfing the public and dark web.
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of cyber security frameworks such as MITRE, NIST, and cyber kill chain.
- Knowledge of network security (e.g., encryption, Next-Gen firewalls, authentication, honeypots, perimeter protection).
- Ability to stay updated on the latest security threats, vulnerabilities, and industry trends.
- Knowledge of the Russian language is a plus.
- Knowledge of APT groups is a plus.
