CSIRT ANALYST - Incident Response Team (M/F/D) - Mandatory: German C1 (min.)
Full-time
Job Overview
An organization is under attack: it needs your expertise fast to help it recover.
Your mission
- You identify the attackers' modus operandi and objective, and qualify the extent of compromises.
- For that purpose, you analyze the technical artifacts collected (host forensics, network forensics, log analysis, and malware triage) to identify the attacker's Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs).
- You recommend actions for containment and remediation of the incident.
- In an investigation report, you provide remediation recommendations for cleaning up and hardening the systems under attack.
- You monitor for new vulnerabilities, technologies and attack methods on IT components, and develop investigative tools.
Your potential projects
More concretely, here are some projects you could carry out:
- To support a hospital targeted with ransomware, you will join the incident response of CERT Advens.
- The management of an industrial company asks you to intervene in its crisis unit.
- You carry out a digital forensics investigation to understand the origin of an attack and identify the attacker's TTPs.
- Together with a CISO and the IT department, you rebuild a compromised information system.