Regional Incident Response Investigator (m/f/d)

Category: Leadership and Management Roles
Main location: Germany, Various, Deutschlandweit
Position ID: J0523-1981
Employment Type: Full Time

Position Description:

The Regional Incident Response Investigator is part of the Global SOC, which conducts cyber research, threat hunting, incident response, forensic analysis, red team operations, malware reverse engineering and innovation. You can be based at any of our offices in Germany.

This role requires a thorough understanding of cyber security and in-depth knowledge and experience of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors, and forensic methodologies and tools.

The Regional Incident Response Investigator is capable of leading and conducting highly technical incident response engagements, setting the Incident Response Plan, and working with and leading colleagues where required in the correct application of Incident Response processes within CGI. The Regional Incident Response Investigator is a highly effective communicator and is able to communicate at all levels within the business.

Your future duties and responsibilities:

• Provide technical leadership and conduct incident response engagements as required at the direction of the Head of Incident Response or Head of Cyber Monitoring and Response (Blue Team)
• Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security
• Perform advanced digital forensics analysis, host-based or network analysis as required during an investigation
• Act as the senior subject matter expert where required during security incidents
• Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
• Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes)
• Work until incident resolution or as directed by the Head of Incident Response or the Head of Cyber Monitoring and Response (Blue Team)
• Perform basic reverse engineering on malware using dynamic and static analysis
• Perform forensic collection of endpoint or network evidence with forensically sound procedures, document evidence handling with chain-of-custody procedures, and conduct forensic investigations to industry standards when required

Required qualifications to be successful in this role:

• Minimum of 6 years’ experience in working in a similar Cyber Security role or associated discipline
• Be a recognized Cyber Security professional within Forensics, Incident Response or Threat Hunting within your region or business unit
• Previous Experience Leading Incident Response Engagements
• The candidate should have expertise and strong experience (3+ years) in at least two of the following areas:
o Advanced Threat Hunting
o Malware analysis
o Reverse engineering
o Cyber research and Threat intelligence
o Cyber analysis with big data
• Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
• Strong understanding of Windows/Linux/Unix operating systems
• Strong understanding of Incident Response methodologies and tools
• Strong understanding of operating system and software vulnerabilities and exploitation techniques
• SIEM experience (e.g. ArcSight, Splunk, Logpoint, Elastic)
• Host analysis experience with forensics/EDR tools (e.g. EnCase, FireEye, Carbon Black, RSA ECAT, CrowdStrike, Endgame)
• Network analysis experience with network sensors (e.g. FireEye, Cisco, Fortinet, Trend Micro)
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilizing threat intelligence sources
• Penetration testing experience

• Desirable experience:
o Knowledge of malware packing, obfuscation, persistence and exfiltration techniques
o Experience with tools such as IDA Pro, radare2, OllyDbg, WinDbg
o Experience using other big data analysis platforms and developing advanced queries to interrogate big data sources
o Experience with Machine Learning and Artificial Intelligence
o Experience with User Behavior Analysis using tools and processes
• Experience with one or more of the following programming languages: C/C++, Python, Ruby, Assembly, Perl, C#
• Experience with scripting languages such as Bash, PowerShell, Perl, Python
• User investigations, behavioral analysis technology and/or processes
• Experience with insider threat investigations from a forensic approach

What you can expect from us:

Insights you can act on

Technology is the engine of our clients' digital transformation; people are the driving force behind our company's success.

As a consultant at CGI, you enjoy the trust of your colleagues and clients. Working together, you gain insights that lead to valuable and sustainable solutions. We call our employees "members" because they share in the company's success and together shape a company we are all proud of. We have held this dream since 1976, and it has brought us to where we stand today: one of the world's largest independent IT and business consulting service providers.

At CGI we recognize the value of diversity. We want to create a working environment in which everyone feels they belong, and together with our clients we promote inclusion. With us, everyone has the same opportunities to succeed and to develop. Should you need support during the recruiting process, we are here for you.

Are you ready to become part of our success story? Join CGI, where your ideas and your commitment make a difference.

The CGI recruiting team is happy to answer your questions or arrange an initial phone conversation. You can reach us at 06196 / 77 42 420. We look forward to your application!