Complex, open-scenario, multi-tool variants.

Train on Real Incidents.


Your team will face live, high-complexity intrusions where there is no playbook, no multiple-choice, and no “single right log.”

You will investigate open-ended, multi-stage attacks against enterprise environments, using the same SIEM and monitoring stacks your team runs in production.


What you’ll do

  • Work through non-linear investigations: ingest raw logs, artifacts, and network data to build and validate your own hypotheses.

  • Reconstruct end-to-end attack chains: from initial access and lateral movement to persistence, exfiltration, and potential attribution.

  • Produce executive-grade reports: evidence-backed narratives, remediation plans, and containment strategies.

What you’ll sharpen

  • Advanced detection & investigation skills across heterogeneous data sources.

  • Endpoint, network, identity, and application analysis in realistic pressure conditions.

  • Threat-intel & attribution thinking against APT-style activity.


Representative MITRE ATT&CK coverage (partial):
Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Collection, Command and Control, and Exfiltration.