Cyber Research

**About Difenda**

Difenda is a Sec-Ops-As-A-Service company that takes a cybersecurity-first, Microsoft-only approach to solving today's toughest cybersecurity challenges. We deliver 24/7/365 security operations, powered exclusively by Microsoft’s Security product platform. Difenda was one of the first MSSPs to join the Microsoft Intelligent Security Association (MISA). We are a Microsoft Solutions Partner for Security, Microsoft MSSP, achieved MXDR solution status, and hold Microsoft Specializations in Threat Protection and Cloud Security.

At Difenda we relentlessly defend our customers against cyber risks and deliver outcomes through innovative cybersecurity services. Difenda’s modular approach to managing security services meets customers where they are in their SecOps journey and helps them scale as they grow. Our customer-obsessed and outcome-driven mission helps customers maximize on their Microsoft Security investments to improve ROI. The Difenda Shield goes beyond security tool integration for end-to-end security coverage providing a consolidated and simplified view of the entire cybersecurity environment.

We are real people with real solutions. Our values guide the way we work with our business partners, within our communities, and with each other. Through passion, humility, accountability, inclusivity, and agility, we have created a diverse community culture where innovation is at our core, people can grow, and success can flourish. Difenda is recognized as a Great Place to Work for Inclusivity, Technology and Today’s Youth.

That’s the Difenda Difference.

**Job Brief**

The Research and Response Operations team is a group of highly valued professionals within the Cyber Command Center (C3) responsible for researching, understanding, and executing on a variety Threat Hunting methodologies and Incident Response engagements. They use this extensive knowledge to provide services spanning both the Threat Hunting and Remote Incident Response (RIR) lifecycles. Research and Response Analysts will provide escalated level support to the SecOps Analyst team and act as an escalation point for both the internal team and customers. They perform an integral role in ensuring proper incident response handling occurs for high severity incidents/engagements and are heavily involved in the execution and improvements of Difenda’s Threat Hunting capabilities.

The Research and Response Analysts will support ongoing service enhancement delivery through collaboration with development teams and hands-on Difenda Lab discovery work. They will support customer communications, including recurring and ad hoc customer calls, operational reviews, and quarterly executive debriefs.

The Research and Response Analyst shall have strong technical experience in the execution of security operations processes, including threat event lifecycle management, Incident Response, Forensic Investigations, Threat Hunting, and Threat Intelligence activities. A broad understanding of active threat groups and their methodologies is preferred. They serve as secondary support for intelligence initiatives with Difenda customers and are responsible to produce intelligent hunt ideas/trips surrounding active adversaries’ tactics, techniques, and procedures.

**Key Responsibilities**

The primary focus of the Research and Response Analyst is to work closely with the Research and Response Threat Intelligence Analyst and the Security Operations team to research and aggregate shared intelligence to perform threat hunting against Difenda customers and drive incident response activities. They advocate for the best practices, and document repeatable processes to support their activities and findings.

**Responsibilities**:

- Provide technical guidance and mentorship to SecOps Analysts, provide on-call support to the SecOps team
- Lead the delivery of Managed Detection & Response (MDR) service processes, including Threat event lifecycle management, Threat Hunting, and Remote Incident Response activities
- Lead escalated events, incident investigations and customer response support
- Actively execute Threat Hunting and other proactive activities in customer environments
- Provide intelligent Incident Handling during active Incident Response engagements by utilizing industry best practices
- Support the implementation, execution, and maintenance of the Remote Incident Response practices, including forensics investigations (live, cloud, network, traditional)
- Develop, execute, and train staff on MDR service threat triaging, Threat Hunting, and Incident Response processes
- Enforce standards and processes to ensure high quality MDR service delivery (e.g., case management standards)
- Work closely with the Cyber Research & Response Development teams to iteratively enhance MDR and other managed security services
- Support customer service communications, including operational and executive level meetings and reporting
- Identify, develop, communicate