Digital Forensics & Incident Response Consultant

Job Description

*Digital Forensic & Incident Response Consultant

• Be an integral part of the Investigations and Cyber Response Team in responding to active and time-sensitive threats including communications and coordination across different teams.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Web Application Firewall (WAF), Endpoint detection and response (EDR), Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, Proxy and Anti-virus solutions
• Strong understanding and experience in Cylance, Carbon black, and Crowd strike, endpoint security tools
• Ability to perform threat intelligence activities using open source tools
• Work to create, leverage automation, continuously develop, maintain a mature investigations and incident response program.
• Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company

What you bring to the role:

• Bachelor s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
• Work Experience: Minimum 5 years functional experience including a minimum of 2+ years directly related to this role in in incident response and digital forensics.
• Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
• Deep understanding of internals and constructs of modern operation systems.
• Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security preferred, but not required.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
• Experience with digital forensics in cloud services a plus Strong written, spoken skills, analytical skills, problem-solving skills, and demonstrated ability to work in complex environments to analyze cyber incident investigations
• Preferred Certifications: GCFA/ GREM/ GCFE / GNFA / EnCE / MCFE

, *Digital Forensic & Incident Response Consultant

• Be an integral part of the Investigations and Cyber Response Team in responding to active and time-sensitive threats including communications and coordination across different teams.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Web Application Firewall (WAF), Endpoint detection and response (EDR), Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, Proxy and Anti-virus solutions
• Strong understanding and experience in Cylance, Carbon black, and Crowd strike, endpoint security tools
• Ability to perform threat intelligence activities using open source tools
• Work to create, leverage automation, continuously develop, maintain a mature investigations and incident response program.
• Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company

What you bring to the role:

• Bachelor s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
• Work Experience: Minimum 5 years functional experience including a minimum of 2+ years directly related to this role in in incident response and digital forensics.
• Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
• Deep understanding of internals and constructs of modern operation systems.
• Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security preferred, but not required.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
• Experience with digital forensics in cloud services a plus Strong written, spoken skills, analytical skills, problem-solving skills, and demonstrated ability to work in complex environments to analyze cyber incident investigations
• Preferred Certifications: GCFA/ GREM/ GCFE / GNFA / EnCE / MCFE

*Digital Forensic & Incident Response Consultant

• Be an integral part of the Investigations and Cyber Response Team in responding to active and time-sensitive threats including communications and coordination across different teams.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Web Application Firewall (WAF), Endpoint detection and response (EDR), Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, Proxy and Anti-virus solutions
• Strong understanding and experience in Cylance, Carbon black, and Crowd strike, endpoint security tools
• Ability to perform threat intelligence activities using open source tools
• Work to create, leverage automation, continuously develop, maintain a mature investigations and incident response program.
• Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company

What you bring to the role:

• Bachelor s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
• Work Experience: Minimum 5 years functional experience including a minimum of 2+ years directly related to this role in in incident response and digital forensics.
• Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
• Deep understanding of internals and constructs of modern operation systems.
• Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security preferred, but not required.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
• Experience with digital forensics in cloud services a plus Strong written, spoken skills, analytical skills, problem-solving skills, and demonstrated ability to work in complex environments to analyze cyber incident investigations
• Preferred Certifications: GCFA/ GREM/ GCFE / GNFA / EnCE / MCFE

, *Digital Forensic & Incident Response Consultant

• Be an integral part of the Investigations and Cyber Response Team in responding to active and time-sensitive threats including communications and coordination across different teams.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Web Application Firewall (WAF), Endpoint detection and response (EDR), Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, Proxy and Anti-virus solutions
• Strong understanding and experience in Cylance, Carbon black, and Crowd strike, endpoint security tools
• Ability to perform threat intelligence activities using open source tools
• Work to create, leverage automation, continuously develop, maintain a mature investigations and incident response program.
• Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
• Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company

What you bring to the role:

• Bachelor s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
• Work Experience: Minimum 5 years functional experience including a minimum of 2+ years directly related to this role in in incident response and digital forensics.
• Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
• Deep understanding of internals and constructs of modern operation systems.
• Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security preferred, but not required.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
• Experience with digital forensics in cloud services a plus Strong written, spoken skills, analytical skills, problem-solving skills, and demonstrated ability to work in complex environments to analyze cyber incident investigations
• Preferred Certifications: GCFA/ GREM/ GCFE / GNFA / EnCE / MCFE

Keyskills :
security informationevent managementdata loss preventionweb application firewallopen sourcecarbon blackcyber securityproblem solvingloss preventionweb applicationevent managementcomputer science