Sygnia draws on top talent from the ranks of elite military technology units
and from across the cyber industry. Described by Forbes as a “cyber security
delta force”, Sygnia applies technological supremacy, digital combat
experience, data analytics and a business-driven mindset to cyber security,
enabling organizations to excel in the age of cyber.

Sygnia is looking for a Cyber Security and Privacy GRC Lead to perform a range
of expert level services. The successful candidate should have experience both
as a security practitioner and consultant, profound security and privacy GRC
related knowledge and passion for cyber security. In addition, they should
have a service approach, excellent communication skills and the ability to
learn and work with the best in the field.

Main Responsibilities:

* Evaluate the state of security and privacy from the GRC perspective, identifying gaps and opportunities and anticipating needs.
* Consult in cyber security engagements, including development of a cyber security plan, design its implementation, and provide guidance on building security roadmaps.
* Recommend cyber security and privacy governance strategies, policies, and procedures.
* Develop and support clients with internal training to ensure deep understanding of fundamental cyber security and privacy governance practices, risks, and recommended mitigation strategies.
* Create expert-level deliverables, and present results of the assessment to a broad range of clients and design plans to address specific cyber risks.
* Collaborate with the cyber experts’ team in the development and implementation of cyber assessment tools, services, and best practices.
* Consult on data privacy/protection GRC aspects as part of Sygnia’s Incident Response engagements; and collaborate with IT and Security teams during investigations.

Main Requirements:

* Proven track record of at least 5 years in cyber security, data protection and privacy governance.
* Deep knowledge of relevant IT, security and privacy regulation, industry standards, and frameworks (e.g., NIST, PCI, ISO, SOC, ITIL, COBIT, CMMI, etc.) and GRC tools (e.g., ServiceNow, Archer, OneTrust).
* Extensive expertise in risk management, business impact analysis, and strategic planning.
* Practical experience in consulting and in communicating with C-levels, especially CIO, CISO, DPO and CRO.
* Experience in working in large enterprises worldwide.
* Sharp analytical skills and a pragmatic mindset.
* Exceptional written and verbal communication and presentation skills in English. Native English speaker – an advantage.
* Sharp analytical capabilities, with a high proficiency in strategic and abstract thinking, as well as attention to technical details.
* Ability to work in a dynamic matrix organizational structure, with people across all levels in the company.
* A positive, can-do attitude, and an ability to learn quickly and adapt to changing environments.
* Ability to work in parallel on multiple projects under tight deadlines.
* Academic degree in a relevant discipline – a must. Law degree – an advantage.
* Information security and privacy certificates from industry leading organizations (e.g., CISSP, CISM, CISA, CPDSE, CIPP, HCISPP) – an advantage.
* The position may require travel abroad (about 1-2 weeks per quarter).

The post Cyber Security and Privacy GRC Lead appeared first on TechMonster.

The company draws on top talent from the ranks of elite military technology
units and from across the cyber industry and has some of the world’s top
talents in cyber security. Described by Forbes as a “cyber security delta
force”, it applies technological supremacy, digital combat experience, data
analytics and a business-driven mindset to cyber security, enabling
organizations to excel in the age of cyber.

Sygnia is looking for an Advanced Monitoring Team Leader to lead a team of
analysts that perform advanced and tailored monitoring activities in clients’
environment. The role includes development of detection analyses, triage of
alerts, investigation of security incidents, proactive threat hunting and
enhancement of sensors and overall visibility status. The successful candidate
should be a capable leader, with deep technical knowledge, significant
experience in SOC, SecOps or security monitoring, excellent communication
capabilities, and the ability to operate in a fast and highly dynamic
environment.

Main Responsibilities

* Lead a team of analysts that perform advanced monitoring activities in clients’ environment, including development of analyses, triage of alerts, investigation of security incidents and enhancement of sensors and overall visibility status
* Lead the development of ad-hoc detection and monitoring capabilities as part of large-scale incident response efforts
* Apply proactive threat hunting approach in ongoing monitoring engagements, including forensic host and network-based analysis, malware hunt and wide IOC searches
* Develop internal processes and monitoring methodologies for alerts handling, triage and escalation, visibility maintenance, automations and reporting
* Communicate directly with the client’s security personnel in all levels when providing regular updates and following-up on alerts and security events
* Manage activities of the monitoring team and ensure that the team performs required tasks in accordance with defined policies and security best practices
* Generate and provide reports and metrics on actionable data: incidents, weekly aggregation/trending, follow up procedures, visibility status, etc.

Main Requirements

* At least 5 years of a relevant experience in the cyber security field (from military service and/or industry), specifically in SOC, SecOps or security monitoring teams, and at least 3 years’ experience of team management
* Independent bright and positive leader, who strive for excellency, and able to succeed in an ultra-dynamic, fast pace environment
* Experience in defining and building monitoring processes (triage, documentation, communication with client, alert testing, visibility overview, etc.)
* Demonstrated in-depth understanding of the life cycle of advanced security threats, attack vectors and methods of exploitation
* Hands-on experience working with SIEM technologies. (e.g. Splunk, QRadar, ArcSight, Exabeam, etc.)
* Strong technical understanding of network fundamentals, common Internet protocols and system and security controls
* Solid understanding of system and security controls on at least two OSs (Windows, Linux / Unix and MacOS), including host-based forensics and experience with analyzing OS artifacts
* Familiarity with cloud infrastructure, web application and servers, android and iOS mobile platforms
* Knowledge and experience with scripting and programming (e.g. Python) – an advantage
* Proven presentation skills and client facing experience, including the ability to articulate complex technical issues in a concise and confident manner to both technical personnel and executive level management
* Fluent English (written, spoken) – a must. Additional languages – an advantage
* Willingness to travel abroad, and to work off hours as required

The post Advanced Monitoring Team Lead appeared first on TechMonster.

The company draws on top talent from the ranks of elite military technology
units and from across the cyber industry and has some of the world’s top
talents in cyber security. Described by Forbes as a “cyber security delta
force”, it applies technological supremacy, digital combat experience, data
analytics and a business-driven mindset to cyber security, enabling
organizations to excel in the age of cyber.

Sygnia is looking for a Senior Malware Researcher to perform analysis of
advanced malware and support threat research and incident response. The
successful candidate should be a bright expert, with extensive hands-on
experience with reverse engineering and malware research, as well as
exceptional problem-solving skills and technological depth. The role also
requires generating high-quality analysis reports. .

Main Responsibilities

* Perform static and dynamic analysis, including reverse engineering, of malware to fully understand functionality, extract indicators and support ongoing incident response investigations
* Support threat research of attack formations, attackers’ infrastructures and APT groups.
* Conduct in-depth research of operating system internals and relevant forensic artifacts, develop proof of concept code to extract data from forensic artifacts as needed
* Adapt and develop tools and infrastructure to enhance research, investigative and hunting capabilities
* Generate and present comprehensive and professional reports of findings from analysis process
* Support incident response efforts as needed
* Participate in thoughts leadership efforts and including generation of technical content for research papers and professional publications, and present at conferences
* Provide training and mentorship as needed

Main Requirements

* At least 5 years of a relevant experience (from military service and/or industry)
* Bright, problem solver, independent, initiative and self-motivated
* Extensive hands on experience with analyzing and reverse engineering malware samples written in multiple programming and scripting languages (C/C++, Go, .NET, Obfuscated Python, VB, PowerShell and web scripts)
* Extensive hands on experience working with static and dynamic binary analysis tools, including IDA Pro disassembler and user and kernel space debuggers (e.g. GDB, WinDBG, OllyDbg)
* Experience with analyzing shellcode, packed and obfuscated code
* Ability to read or write in x86/x64 assembly language
* Solid understanding of OS internals of at least two operating systems (Windows, Linux / Unix and MacOS)
* Deep technical understanding of network fundamentals and common internet protocols, and ability to analyze packet captures
* Strong programming and scripting skills
* Knowledge of cryptographic algorithms and protocols – advantage
* Experience with vulnerability research – advantage
* Excellent communication and interpersonal skills. Fluent English, including the ability to document and explain technical information in a concise, understandable manner

The post Senior Researcher appeared first on TechMonster.