Digital Forensics and Incident Response Analyst
KEY RESPONSIBILITIES:
- Oversee incident response tasks and train junior staff
- Use current tooling to search and investigate endpoint and network-based activity, including Endpoint Detection & Response (EDR) tools, SIEM-based log analysis, and full packet capture
- Expected to serve as the main point of contact for outside agencies
- Conduct thorough investigations, pinpoint root causes, and share information with all relevant parties, including technical personnel and leadership
- Perform host-based forensics, network forensics, log analysis, triage, limited malware analysis, and incident response in support of these activities
- Produce end-of-shift reports for documentation and handover to incoming analysts
- Implement remediation plans in response to incidents in collaboration with key stakeholders
- Author Standard Operating Procedures (SOPs) and training documentation when needed
- Create security-related content, scripts, tools, or techniques to improve incident investigation procedures
QUALIFICATIONS:
- 8 years of general experience, with a minimum of 6 years as an incident responder/handler (less experience may be considered given additional education, certifications, or other relevant qualifications)
- Deep packet and log analysis experience
- Full understanding of Tier 1 responsibilities and how they feed into Tier 2; ability to take the lead on incident investigations when appropriate and to mentor junior analysts
- Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience
- Advanced knowledge of TCP/IP protocols
- Forensic and malware analysis
- Bachelor's degree or equivalent experience
- Knowledge of Windows and Linux operating systems
- Knowledge of and experience with scripting and programming (Python, Perl, etc.) highly preferred
- Cyber threat intelligence gathering and analysis preferred