Contract Bench, Incident Responder (DFIR)

Who We Are

If you feel like Incident Response and Recovery hasn’t changed in the past 10 years, you’re not alone. Business operations aren’t just on endpoints anymore. It’s behind applications in Okta tiles, auto-scaling workloads, code repos, and sprawling data stores across one or many public clouds. At modePUSH, we’re focused on eradicating adversaries across our client’s entire digital footprint, and that demands a faster, nimbler approach to DFIR.

We know high quality incident response starts and ends with great people. ModePUSH is looking for the weekend warriors, the late-night crusaders, or any variation in between to do investigative work at a pace that matches your lifestyle.

Who You Are

You’re a “retired” incident responder that’s called it quits because of missed one too many holidays and an exhausting on-call schedule. If you’re honest though, you miss the investigation. Finding actual evil and seeing the latest threat activity is more exciting than your day job, and you’d love to get your fix on some live response data without committing all your waking hours.

You know that $I30 isn’t referring to your local interstate, and that the easiest way to get on your bad side is to be handed a timestamp that isn’t in UTC. You’ve got a “Tools” folder sitting on your workstation somewhere with your favorite forensic scripts at the ready to tear into the next piece of suspicious activity you see. And speaking of suspicious activity, you’ve honed a keen sense for knowing the difference between legitimate users and threat actor activity because you’ve seen them in action.
Hundreds of times.

Windows environment investigations feel like the back of your hand at this point, and you’ve been starting to expand your knowledge on cloud-native forensics. Account takeovers are the new malware after all, and investigating the latest threats across Azure, GCP, AWS, and SaaS Apps is the growing frontier you’ve been looking to sink your teeth into.

You’re insatiably curious, addicted to threat intel, and an investigator at heart. Ultimately, you’d love an opportunity that allows you to get deeply technical and solve real cases at an intensity that’s compatible with your day job and every day life.

Why You Matter

You’ll be joining a seasoned team of high performing incident response consultants as part of our contract bench that are the tip of the spear for all forensic activity at modePUSH. With that, you’ll be eligible for picking up live response work and analysis to support breaches ranging from ransomware to nation-state threats at a schedule that makes sense for you. Your analysis expands our capacity to support clients at the highest level of quality.

What You'll Bring

• Experience responding to threat activity as an IR consultant or SOC analyst
• Strong understanding of Windows/Mac/Linux fundamentals, forensic artifacts, and network analysis
• Existing knowledge or passion to learn cloud-native investigations across AWS, GCP, and Azure
• An unwavering emphasis on investigation at the highest level of quality
• Perspective and voice to continue to shape our practice
• At least a few free hours a week on your schedule to take on IR work. We’re day-job friendly (as long as your employer is cool with it).

Compensation

$80 to $100 USD / billable hour based on skills and experience. Prorated full-time compensation of $160,000 to $200,000 USD.