Purpose of the Position:
In this position, you will provide technical guidance to internal stakeholders in cases relating to insider threat investigations, network intrusions, and current or anticipated litigation matters. You will be expected to maintain proficiency and up-to-date knowledge of industry standards, tools, core operating system changes, network security, and incident response techniques and frameworks. This role can be performed remotely.
Day to Day Responsibilities:
- Determine the best methods to acquire and analyze computers, portable media and other data sources, with the objective of establishing the facts around questionable security events
- Use forensic applications to acquire host-related artifacts from desktops, laptops, mobile devices and other portable media, either over the network or via direct connection
- Utilize commercial and open source forensic analysis tools to support investigative objectives
- Correlate log data and forensic artifacts from multiple sources
- Document and report findings, prepare written forensic reports, provide oral communication concerning outcome of investigations
- Ensure the continuous integrity of collected source data and media (chain of custody and verification hashes) according to industry standards and best practices, as well as internal controls and procedures
- Collect, load, and assist with review of documents within an eDiscovery platform
- Provide on-call support outside of core hours as needed
Education and Experience:
- Bachelor's degree and 3+ years of DFIR experience; additional years of relevant experience may be considered in lieu of a Bachelor's degree
- Relevant certifications (GCFA/GCFE, CFCE, EnCE, ACE, CDFE, etc.)
- Experience with acquisition and analysis of Windows OS forensic artifacts
- General understanding of forensic artifacts on macOS, iOS and Linux-based systems
- Fundamental understanding of common filesystems (ext4, APFS, NTFS, FAT32)
- Knowledge of industry best practices as they relate to each phase of forensic investigation (case triage, evidence acquisition & processing, analysis, documentation & presentation of findings, evidence handling & disposition)
- Experience working with major commercial forensic platforms and tools (Axiom, EnCase, X-Ways, FTK, TZWorks)
- Experience working with open source forensic tools (SIFT, Volatility, Autopsy/The Sleuth Kit)
- Experience with Splunk or another SIEM-type platform
- Experience correlating log data and forensic artifacts from multiple sources
- Experience communicating findings and conclusions, in writing and orally, to both technical and non-technical audiences
- Experience creating operational procedure documentation
- Legal eDiscovery experience: communicating with legal teams on active or anticipated litigation matters, general understanding of the EDRM, searching and extracting enterprise data for legal eDiscovery purposes, and working with eDiscovery platforms (e.g. Relativity, Intella, MS Core/Advanced eDiscovery)