Incident Response Forensics Examiner - Remote Role
Posted on Dec 7, 2020 by Tri-S Recruiters, Inc.
$30 Billion Corporation is seeking an Incident Response Forensics Examiner.
Seeking an experienced Digital Forensics Incident Response (DFIR) professional to perform intelligence-driven network defense supporting the Global Security Center: Incident Handling, Threat Intelligence, Threat Hunting and other stakeholders. The role involves forensic analysis of online and offline (dead-box) hosts and network logs associated with information security incidents discovered by the System-level Monitoring and Threat Hunting capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, a SIEM, several threat intelligence tools, etc., which help the examiner build a near-complete technical understanding of information security incidents.
- Bachelor's and/or Master's Degree in Engineering, Computer Science, or related field.
- 5+ years overall technical experience in either forensics, threat intelligence, incident response, security operations, or related technical information security field.
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
- Strong Incident Handling experience.
- Strong and recent experience with malware analysis and reverse engineering.
- Strong experience with popular OS architectures (e.g. Russinovich's Windows Internals, Linux kernel architecture, etc.).
- Experience with security operations tools, including but not limited to:
  - Threat Intelligence Platforms
  - Link/relationship analysis (e.g. Maltego, IBM i2 Analyst's Notebook)
  - Signature development/management (e.g. Snort rules, YARA rules)
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.).