Homeoffice Security Analyst - Forensics, Threat Hunting, IOCs bei Crosslaketech

(this position is US based, 1099, remote role )What we believe  In the past two years, more than a trillion dollars have been invested in software companies at record prices. And in many cases, the underlying tech is the greatest enabler to the business strategy. But has the approach to govern technology value creation caught up to the magnitude of the risk?    We believe a better way is possible – a more programmatic, proactive approach to actively manage technology throughout the investment lifecycle – and that’s what we do.     Our role  We know that technology can create truly transformative change, and its role in business is only growing. Crosslake is here to support the changemakers and help them buy, build and run better technology.     What we value  You could be a good fit for Crosslake if you see yourself reflected in our guiding values:   Service. We effect change by empowering others.  Curiosity. We believe great advice starts with deep understanding.  Credibility. Our expertise is earned and proven.   Commitment. It’s our privilege to serve clients in their critical moments.   Creativity. We are inspired by the constant pursuit of better. OverviewWe are seeking a Security Analyst with experience conducting compromise assessments and advanced threat detection activities. The analyst will play a key role in identifying potential breaches, evaluating security posture, and providing actionable insights to reduce organizational risk. This role involves close collaboration with clients and internal teams to assess environments for evidence of malicious activity, uncover gaps in defenses, and recommend remediation strategies.

Responsibilities

Perform compromise assessments across enterprise networks, identity platforms, cloud environments, and endpoints to detect active or historical intrusions.

Identify, analyze, and validate indicators of compromise (IOCs), malicious artifacts, and persistence mechanisms.

Conduct threat hunting using endpoint and log data to uncover stealthy adversary activity.

Leverage forensic tools to analyze system images, memory captures, and network traffic for signs of malicious behavior.

Map adversary techniques to the MITRE ATT&CK framework and provide context on TTPs observed.

Develop and deliver detailed technical and executive-level reports summarizing findings, risk implications, and prioritized remediation steps.

Collaborate with incident response teams, SOC analysts, and client IT/security staff to validate findings and strengthen detection capabilities.

Contribute to the continuous improvement of methodologies, playbooks, and automation for compromise assessments.

Required Qualifications

4-8 years of experience in cybersecurity, digital forensics, or incident response.

Experience with all “Tool Categories and Examples” categories and  hands-on experience with at minimum one tool in each section

Strong familiarity with public cloud providers (e.g. Amazon Web Services, Google Cloud, Microsoft Azure)

Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and familiarity with MITRE ATT&CK.

Experience conducting forensic analysis of endpoints, logs, and network data.

Strong written and verbal communication skills, with ability to create reports tailored to both technical and executive audiences.

Industry certifications such as GCFA, GNFA, GCIH, CySA+, or Security+. (Preffered)

Tool Categories and Examples

Endpoint & Host Forensics - Velociraptor, KAPE (Kroll Artifact Parser & Extractor), FTK Imager / EnCase / X-Ways, Volatility / Rekall, Sysinternals Suite

Endpoint Detection & Response (EDR) - CrowdStrike Falcon, SentinelOne, Carbon Black, Microsoft Defender for Endpoint, Sophos Intercept X

SIEM & Log Analysis - Splunk, Microsoft Sentinel, Elastic (ELK Stack), IBM QRadar, LogRhythm

Network & Traffic Analysis - Wireshark / tcpdump, Zeek (Bro), Security Onion, Arkime (Moloch)

Threat Intelligence & IOC Enrichment - MISP, VirusTotal, Hybrid Analysis, AlienVault OTX, ThreatConnect, Anomali, MITRE ATT&CK Navigator

Cloud & SaaS Visibility - AWS GuardDuty, CloudTrail, Security Hub, Azure Security Center, Defender for Cloud, Sentinel, Google Chronicle, Security Command Center, Prisma Cloud, Wiz, Orca

Scripting & Automation - Python, PowerShell, Bash, jq, Sigma rules, YARA rules

Key Attributes

Analytical thinker with strong investigative skills.

Comfortable working in fast-paced, incident-driven environments.

Ability to navigate discussions with executives and engineers alike.

Strong attention to detail and ability to connect technical findings to business impact.

Collaborative and client-focused, with a commitment to delivering high-quality assessments.

Jetzt bewerben