Incident Response Forensics Examiner
Posted on Nov 5, 2020 by Request Technology
A Fortune 500 company is on the search for an Incident Response Forensics Examiner. This role revolves around digital forensics and incident response, and involves incident handling, threat intelligence, and threat hunting. This role will perform forensic analysis of online and offline hosts and of network logs associated with information security incidents found by system-level monitoring and threat hunting capabilities. This individual will be the information security SME for the following areas: digital forensics, incident response, log analysis, operating systems, and networking.
- Identify key data points regarding information security incidents, such as root-cause analysis, possible attack methods and techniques, malware infection and persistence methods, etc.
- Must understand the life cycle of an Incident and tools used to determine root cause during an incident.
- Operational understanding of reverse engineering malware.
- Perform network, disk, system files and memory forensic analysis.
- Custom tool design to assist in analysis and investigation (related experience in programming, databases, system administration, etc.).
- Implementing integration/orchestration of existing and new forensic infrastructure and tools.
- Perform custom analysis on (centralized) security event information to analyze incidents.
- Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate.
Perform as an Information Security SME in the following areas:
- Digital Forensics
- Incident Response
- Log analysis
- Popular operating systems (Windows, Mac, Linux, Android, etc.)
- Networking (Firewalls, IDS/IPS, packet capture)
- Bachelor's and/or Master's degree in Engineering, Computer Science, or a related field.
- 5+ years overall technical experience in either forensics, threat intelligence, incident response, security operations, or related technical information security field.
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
- Strong Incident Handling experience.
- Strong and recent experience with malware analysis and reverse engineering.
- Strong experience with popular OS architectures (e.g. Russinovich's Windows Internals, Linux kernel architecture, etc.).
Experience with security operations tools, including but not limited to:
- Threat Intelligence Platforms
- Link/relationship analysis (e.g. Maltego, IBM i2 Analyst's Notebook)
- Signature development/management (e.g. Snort rules, YARA rules)
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.).