Digital Forensics and Incident Response (DFIR) responds to Security and Privacy incidents across all business segments and supports objective and professional analysis and response to security policy violations. The ideal candidate will have excellent analytical skills, good communication skills (written and verbal), and expert-level technical skills. This position will be responsible for providing operational support for identifying and eliminating Information Systems threats, managing security incidents, managing threat intelligence, handling SOC-related service requests, and executing on information security sponsored projects.
• Provide level technical resolution for security incidents and SOC service requests.
• Conduct threat hunting exercises.
• Log and record all identified/reported security incidents and service requests into DFIR ticketing system, and appropriately classify/prioritize based on DFIR SOP.
• Identify gaps and recommend improvements to enterprise technology environment across all platforms, with a goal to enhance the overall security posture of the customer.
• Possess and maintain an adequate level of technical and analytical skills to handle security incidents and threats that have the potential to introduce risk to sensitive/confidential data.
• Resolve or escalate security incidents and service requests in line with established service level targets.
• Assume ownership of, and provide monitoring, tracking and communication of, security incidents and requests.
• Maintain end-to-end responsibility for all relevant DFIR services in line with established service levels.
• Provide timely, reliable and courteous service to all customers.
• Work hand-in-hand with the SOC to identify, remediate and bring closure to all potential security related threats.
• Complete threat intelligence write-ups for high-visibility/industry-specific threats, and assess the level of exposure specific to the customer.
• Stay abreast of the latest vulnerabilities, exploits and other relevant threat-related information.
• Internal development of DFIR policies and procedures.
• Take appropriate steps to demonstrate that an effective level of controls is in place to protect sensitive/confidential information within the customer environment (and to ensure compliance with PCI-DSS).
• Report common and repeat problems (trend analysis) to management and propose process and technical improvements.
• Provide technical and professional mentorship as needed.
• Represent DFIR to IT leadership as needed.
• Bachelor’s Degree in related field of study and 8+ years related experience and/or training.
• Minimum 3 years working as a Security Incident Response professional required.
• Minimum 3 years of experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity preferred.
• Experience using open source tools such as REMnux, Kali, Volatility, etc.
• Experience deobfuscating potentially malicious content.
• Experience utilizing the Cyber Kill Chain.
• Experience using EnCase and eDiscovery methodology.
• Experience in gathering and managing threat intelligence.
• Experience doing behavioral and static malware analysis.
• Experience with Next Gen firewall capabilities and sandboxing technologies.
• Experience with Next Gen endpoint threat detection and prevention technologies.
• Experience in leveraging intelligence and IOC information to recommend countermeasures.
• Ability to fully utilize MS Office products required.
• Experience with one or more scripting languages such as Perl, Python and PowerShell required.
• Experience working with interpreting, tuning, searching and manipulating data within enterprise logging/SIEM/NIDS solutions.
• Security and/or Networking familiarity or understanding preferred in any of the following:
  - Basic routing principles and networking fundamentals
  - Well-known protocols and services (FTP, HTTP, SSH, SMB, LDAP)
  - Command line interfaces
  - Packet analysis tools (tcpdump, Wireshark, etc.)
• Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills.
• CISSP certification preferred.
• Excellent written and verbal communication skills required. Must be able to communicate technical details in a clear, understandable manner.
• Customer-oriented focus required, with a strong interest in a satisfied client.
• Solid understanding of Information Security and Networking required.
• The ability to pick up new technology or concepts very quickly required.
• Outstanding time management and organizational skills required.
• This position requires on-call work in a 24/7/365 environment. The capacity to work on-call with a rotating schedule is required.