Crosslake Tech
Security Analyst - Forensics, Threat Hunting, IOCs
Crosslake Tech, Charlotte, North Carolina, United States, 28245
(This position is a US-based, 1099, remote role.)
Overview
We are seeking a Security Analyst with experience conducting compromise assessments and advanced threat detection activities. The analyst will play a key role in identifying potential breaches, evaluating security posture, and providing actionable insights to reduce organizational risk. This role involves close collaboration with clients and internal teams to assess environments for evidence of malicious activity, uncover gaps in defenses, and recommend remediation strategies.
Responsibilities
- Perform compromise assessments across enterprise networks, identity platforms, cloud environments, and endpoints to detect active or historical intrusions.
- Identify, analyze, and validate indicators of compromise (IOCs), malicious artifacts, and persistence mechanisms.
- Conduct threat hunting using endpoint and log data to uncover stealthy adversary activity.
- Use forensic tools to analyze system images, memory captures, and network traffic for signs of malicious behavior.
- Map observed adversary techniques to the MITRE ATT&CK framework and provide context on the TTPs involved.
- Develop and deliver detailed technical and executive-level reports summarizing findings, risk implications, and prioritized remediation steps.
- Collaborate with incident response teams, SOC analysts, and client IT/security staff to validate findings and strengthen detection capabilities.
- Contribute to the continuous improvement of methodologies, playbooks, and automation for compromise assessments.
Required Qualifications
- 4-8 years of experience in cybersecurity, digital forensics, or incident response.
- Experience across all of the Tool Categories listed below, with hands-on experience with at least one tool in each category.
- Strong familiarity with public cloud providers (e.g. Amazon Web Services, Google Cloud, Microsoft Azure).
- Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and familiarity with MITRE ATT&CK.
- Experience conducting forensic analysis of endpoints, logs, and network data.
- Strong written and verbal communication skills, with the ability to create reports tailored to both technical and executive audiences.
- Industry certifications such as GCFA, GNFA, GCIH, CySA+, or Security+ (preferred).
Tool Categories and Examples
Endpoint & Host Forensics
- Velociraptor, KAPE (Kroll Artifact Parser & Extractor), FTK Imager / EnCase / X-Ways, Volatility / Rekall, Sysinternals Suite
Endpoint Detection & Response (EDR)
- CrowdStrike Falcon, SentinelOne, Carbon Black, Microsoft Defender for Endpoint, Sophos Intercept X
SIEM & Log Analysis
- Splunk, Microsoft Sentinel, Elastic (ELK Stack), IBM QRadar, LogRhythm
Network & Traffic Analysis
- Wireshark / tcpdump, Zeek (Bro), Security Onion, Arkime (Moloch)
Threat Intelligence & IOC Enrichment
- MISP, VirusTotal, Hybrid Analysis, AlienVault OTX, ThreatConnect, Anomali, MITRE ATT&CK Navigator
Cloud & SaaS Visibility
- AWS GuardDuty, CloudTrail, Security Hub, Azure Security Center / Microsoft Defender for Cloud, Sentinel, Google Chronicle, Security Command Center, Prisma Cloud, Wiz, Orca
Scripting & Automation
- Python, PowerShell, Bash, jq, Sigma rules, YARA rules
Key Attributes
Analytical thinker with strong investigative skills. Comfortable working in fast-paced, incident-driven environments. Ability to navigate discussions with executives and engineers alike. Strong attention to detail and ability to connect technical findings to business impact. Collaborative and client-focused, with a commitment to delivering high-quality assessments.