Tier 3 Digital Forensics and Incident Response Analyst

About The Position

Requirements

• Bachelor’s Degree or an equivalent combination of formal education and experience
• Minimum of eight years of experience and six (6) years of general experience and three (3) years of relevant functional experience performing digital forensics
• Demonstrated competency in forensic tools, such Encase and Wireshark
• Core Competencies in computer forensics, computer networking and operating systems.
• Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses
• Understanding of scripting languages such as Python and regular expressions
• Knowledge of Windows and Linux, and command lines
• TS/SCI Clearance required

Nice To Haves

• One of the following certifications: CISSP - Certified Information Systems Security Professional, GCFA - GIAC Certified Forensic Analyst, GCFE - GIAC Certified Forensic Examiner, GREM - GIAC Reverse Engineering Malware

Responsibilities

• Lead cross-functional teams to perform in-depth analysis and investigation of high-priority cybersecurity incidents
• Utilize security tools to analyze, investigate, and triage security alerts
• Coordinate the monitoring of our customers environments, including cloud and SaaS solutions for evidence of adversarial activity
• Utilize advanced tools, such as digital forensics or malware analysis capabilities, to identify incidents’ root causes, scope, and impact
• Collaborate with cyber threat hunting and cyber threat intelligence teams
• Serve as the primary incident point of contact with law enforcement, third-party vendors, and other external parties
• Conduct post-incident analysis and lessons learned to identify improvement opportunities
• Develop or tune detection rules or signatures to improve the effectiveness of security monitoring and collaborate with engineering teams to implement them
• Accurately document triage findings, and intake reports of external cybersecurity events from SOC customers via phone or email in the SOCs Incident Management System(IMS)
• Learn new open and closed-source investigative techniques
• Perform research on emerging threats and vulnerabilities to aid their prevention and mitigation
• Assist in developing and implementing initiatives that will enhance the SOC’s performance (e.g., SOPs, playbooks, capability deployments)
• Escalate SOC performance issues or risks to management
• Provide guidance and mentorship to Tier 1 and Tier 2 SOC Analysts to enhance their skills and capabilities

Benefits

• Health/Dental/Vision
• 401(k) match
• Flexible Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• maternity/paternity leave