**what you will be doing**:
- description of the event, its category and initial classification
- description of the control that identified the event
- description of the risk and its potential impact
- description of remediation and mitigation
- malware analysis and digital forensics
- management of incident response activities on site and remotely

**what you should have/know**:
- experience performing digital forensics and incident response (dfir) investigations on multiple operating systems: windows, mac and linux
- tool agnostic, with an emphasis on knowing the forensic artifacts themselves rather than relying on tool output
- understanding of offensive security, including common attack methods
- understanding of the tactics, techniques and procedures associated with malicious actors and various threats, including insider threat detection
- understanding of how to pivot across multiple datasets to correlate artifacts for a single security event
- knowledge of, and the ability to use, popular edr technologies during dfir engagements
- knowledge of threat hunting and of the artifacts that need to be reviewed during threat hunting
- ability to triage and analyze malware dynamically within a virtual environment to quickly obtain a set of iocs during an ir engagement
- knowledge of system administrator roles and responsibilities, with an understanding of windows domain environments
- experience identifying host anomalies via windows event logs, sysinternals sysmon, process explorer/monitor, autoruns, etc.
- experience performing dfir investigations in cloud environments (az...