Security Digital Forensics Engineer

August 27

🏡 Remote – New York


Cloud Security Services

Cybersecurity keeps you up at night? Don't know where to start with zero trust? Look no further.

Zero Trust • Workforce Identity and Access Management • Customer Identity and Access Management • Data Security (Rest and In Motion) • Perimeter-less Security

2 - 10

Description

• Collect, process, analyze, interpret, preserve, and present digital evidence.
• Perform forensic triage of an incident, including determining scope, urgency, and potential impact.
• Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products.
• Document forensic analysis from initial participation through resolution.
• Document forensic workflows based on sound industry practice.
• Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity.
• Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.
• Develop, document, and refine procedures to accomplish discovery process requirements.
• Manage all chain-of-custody best practices associated with the rules of evidence.
• Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events.

Requirements

• Solid understanding of the forensic lifecycle and scoping activities, including evidence acquisition on a range of devices.
• Forensic analysis background on the following platforms and technologies:
  • Cloud (AWS, Azure, GCP)
  • Windows/Mac/Linux OS
  • Physical and virtual network devices and platforms
• Understanding of SaaS, PaaS, and IaaS.
• Ability to analyze and characterize cyber-attacks unique to the cloud.
• Skilled in identifying different classes of attacks and attack stages.
• Understanding of system and application security threats and vulnerabilities.
• Ability to document forensic workflows based on sound industry practice.
• Understanding of proactive analysis of systems and networks, including creating trust levels and understanding cloud authentication methods.
• Experience performing reactive incident response functions in public cloud environments: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.
• Experience examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity.
• Understanding of APIs and ability to leverage them for building integrations.
• Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools.
• Ability to write SQL to search data warehouse databases.
• Familiarity with the following tools:
  • Forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and other open-source forensic tools
  • Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
  • Malware analysis / reversal tools
  • Network and host intrusion detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  • Endpoint Detection & Response (EDR)
  • Network sniffers and packet tracing tools such as DSS, Ethereal, tcpdump, Wireshark, etc.
• 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related field.
• Proficient with host-based forensics and data breach response.
• Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments; DevSecOps experience is a value add.
• Understand and demonstrate best practices for architecting and operating in multi-cloud environments in a scalable manner.
• Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches.
• Experience using industry-standard forensic tools.
• Experience preserving desktops, laptops, mobile devices/tablets, servers, both cloud and on-premises email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner.
• Ability to communicate effectively and tactfully, both verbally and in writing, with team members and technical/non-technical clients.
• Ability to demonstrate superior organizational skills with acute attention to detail.
• Must be an energetic self-starter who can work within a team environment but also independently as the situation requires.
• Strong troubleshooting skills coupled with the ability to think on the fly to solve complex problems.
• Experience working on incident response teams.
• Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
• Experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior.
• Understand the NIST IR framework or competing IR lifecycle frameworks.
• Ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident.
• Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
• Familiarity with MITRE ATT&CK and/or D3FEND frameworks.
• Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response.
• Excellent analytical skills.
• Collaborative team worker, both in person and virtually using WebEx or similar.
• Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and PowerPoint.
• Ability to work as a liaison between business and information security / information technology.
• Flexibility to accommodate working across different time zones.
• Ability to work PST work hours.
• Excellent interpersonal communication skills with strong spoken and written English.
• Business outcomes mindset.
• Solid balance of strategic thinking with detail orientation.
• Self-starter with the ability to take initiative.
• Project management and organizational skills with attention to detail.
