Digital Forensic Examiner and Incident Responder

About The Position

Requirements

• Bachelor’s degree in computer science, Engineering, Science, Math or Cyber Security related field is required.
• Work Experience: Minimum 8 - 10 years functional experience including a minimum of 5+ years directly related to this role in incident response and digital forensics.
• 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase or AXIOM tools. Preference given for experience conducting MacOS examinations.
• 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
• 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Experience with cloud services.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
• Deep understanding of internals and constructs of modern operating systems.  (Windows/MacOS/Linux/Unix)
• Experience with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open-source forensic tools.
• Experience with eDiscovery processes and the Relativity One platform
• Relevant security certifications (EnCE, MCFE, CFCE, CCME, CCO, CCPA, GNFA, GCFA).
• Provide three current work references & pass a criminal background check
• Pass a proficiency exam related to the role

Responsibilities

• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and the SIEM to determine source of compromises and malicious activity that occurred.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
• Participate with Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
• Maintaining proper chain of custody of evidence and associated documentation
• Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.

Benefits

• U.S.-based employees have access to healthcare benefits, paid time off, parental leave, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others.