[ref. m08619400] SOC/DFIR Specialist

Job Description

Job Summery:

We are seeking a highly skilled SOC/DFIR Specialist to conduct Compromise Assessments and

Threat Hunting across critical telecom infrastructure nodes. The role requires deep technical knowledge in digital forensics, incident response, scripting, and telecom systems. The ideal candidate must possess hands-on experience in forensic log collection on Linux machines, the ability to perform bulk analysis, and communicate complex findings effectively.

Key Responsibilities:

1. Incident Response & Forensic Log Collection

• Acquire system-level artifacts from Linux-based telecom nodes for forensic analysis.
• Use forensic tools such as UAC (Unix Artifact Collector), Log2Timeline, Volatility, FTK, Encase, Eric Zimmerman's utilities, etc.
• Collect and preserve volatile and non-volatile data for investigation.

1. Customized Scripting & Automation

• Develop and tailor UAC or custom scripts (Python, Bash) for application-level and system log parsing.
• Tune scripts to optimize performance and minimize system impact during live acquisition.
• Create pattern-based detection modules to identify anomalies and suspicious activities.

1. Telecom Infrastructure Forensics

• Analyze and interpret forensic data from core telecom components such as SS7, SIP, Diameter, MME, PGW, SGW, SIGTRAN, SPF, AMF, UPF, MSC, HLR, VLR, UDC, GTP, etc.
• Detect malicious behaviors within signaling and control-plane traffic.

1. Bulk Analysis & Threat Detection

• Perform bulk artifact triage and IOC-based prioritization across multiple nodes.
• Utilize automation, YARA rules, and custom parsing scripts to detect:
• Lateral movement
• Privilege escalation
• Persistence mechanisms (e.g., rootkits, backdoored binaries)
• Time-stamping anomalies and anti-forensic activity
• Unauthorized access/configuration changes
• Data exfiltration attempts
• Correlate events across hosts and timeframes to establish attack timelines and root cause.

1. Reporting & Documentation

• Generate comprehensive incident reports including:
• Executive summary
• Technical analysis with evidence
• Timeline of attack chain
• Mapping to MITRE ATT&CK TTPs
• Remediation and mitigation recommendations
• Use case enhancement based on discovered TTPs
• Maintain internal documentation and case logs to support audit and reproducibility.

Qualifications & Skills:

Technical Skills:

• Proficiency in Linux system internals and shell scripting.
• Experience with forensic tools like Volatility, FTK, EnCase, Log2Timeline, etc.
• Solid scripting skills (Python, Bash) for automation and data analysis.
• Deep understanding of telecom protocols and network elements.
• Familiarity with YARA, Sigma rules, and threat intelligence integration.
• Strong grasp of MITRE ATT&CK framework