Tekfortune is a fast-growing consulting firm specialized in permanent, contract & project-based staffing services for world's leading organizations in a broad range of industries. In this quickly changing economic landscape, virtual recruiting and remote work are critical for the future of work. To support the active project demands and skills gaps, our staffing experts can help you find the best job for you.
Role- Security Operations Analyst -L3
Work Location- Remote is fine but Work / Shift timing will be
California time Technical Requirements / JD:Query & Investigations:
Extensive experience in SIEM query building, complex query writing (such as subqueries, conditions, etc.), data pivoting (via queries, excel, notepad , etc.), data parsing and manipulation.
Cyber Investigation and Threat Hunting Skills:
understanding how to investigate different types of attack/compromise scenarios, isolate associated risks (and enumerate potential CoA's & responses actions: such as network contain hosts, reimage assets, rotate accounts, revoke tokens, reset sessions, etc.). The response actions should be tailored to risk, dictated by indications of compromise identified, dictated by the specific attack scenario identified (e.g. advanced malware, info-stealers, phishing, malicious links in email, ransomware, hacking software such as mimikatz, cobalt, meterpreter, impacket, PS empire, AD enum tools etc.), which is alluded to by the monitoring content triggered (i.e. security event).
Threat Intelligence:
general understanding about threat actors (criminal orgs, advanced persistent actors (APT - other national sovereign states), ransomware groups, targets/victims, verticals, TLP ratings, intelligence integration into cyber operations and how to use that, etc.
CyberOps Toolset:
Should have advanced understanding of the following toolsets by category (not brand) and express that experience/depth of understanding, in the interview:
- EDR - process trees, disk operations, network connections, commandlines run, load & run state of binaries and DLL's, duration, actions applied, process IDs, etc. Also advanced experience running queries in EDR
- SIEM - as stated above regarding advanced query building/writing and pivoting skills. In addition, should have advanced experience building content rules in SIEM (per patterns identified).
- Sandbox - how to submit various artifacts/links etc. and how to interpret the reports which require understanding of WinAPI's
- Cloud - both AWS and Google GCP, general knowledge regarding compute (EC2, Compute Engine), storage (S3, Cloud Storage), and databases (RDS, Cloud SQL) as well as serverless computing (AWS Lambda, Cloud Functions) - should be familiar with CloudTrail and GuardDuty datasets and how to investigate and pivot those.
- Email Proxy - experience regarding email based research and investigation - phishing, malicious emails, content, artifacts, downloads, campaigns
Special Knowledge Sets of Interest to Customer/Industry:
- General understanding regarding AD - Domain Controllers, their role, their function, what they store, how authentication is achieved, how service requests are processed, etc.
- AD Attacks - ntds.dit, golden ticket, pass the hash, pass the ticket, krbtgt account compromise, how to perform privilege escalation attacks (various techniques) etc.
Associated AD attack tools - bloodhound, sharphound, mimikatz, ntdsutile.exe, impacket suite, etc
For more information and other jobs available please contact our recruitment team at . To view all the jobs available in the USA and Asia please visit our website at