Job Description:
Overview:
A CrowdStrike Resident Falcon Platform Responder provides dedicated personnel to assist with monitoring, investigating, and responding to cyber incidents within the Customer’s network environment as follows:
- Perform investigative analysis on various operating systems and applications on endpoints on which the Falcon platform is installed
- Act as an escalation point within Customer’s organization for anomalies identified by Customer’s security teams
- Conduct deep dive investigations to determine root cause of information security incidents within Customer’s network environment leveraging the Falcon platform
- Identify indicators of compromise and apply them to the incident response process
Service Objectives:
The CrowdStrike Resident Falcon Platform Responder will work with Customer to determine the tasks or goals to focus on during the engagement, and to prioritize and re-prioritize those tasks as needed throughout the engagement. Successful completion of these tasks depends on Customer providing the needed resources, tooling, direction, etc. in a timely manner. Below are some example tasks/goals that may be applicable to the engagement.
- Monitor and triage alerts generated by CrowdStrike Falcon deployed on Customer endpoints
- Correlate CrowdStrike alerts with various sources within the enterprise and determine possible causes of such alerts
- Provide technical assistance to Customer’s cyber defense technicians to resolve cyber defense incidents as encountered
- Deliver after-action reviews, cyber defense techniques guidance, and reports on incident findings to appropriate constituencies
- Perform initial, forensically sound collection of images to provide to incident responders and/or forensic investigators
- Make recommendations and create or modify processes and procedures based on current knowledge of advanced threat behaviors
