Our Forensics team is looking for a Senior Analyst to support our expanding mission. This position requires someone who can lead and conduct digital investigations and compose thorough reports. Additionally, an ideal candidate should have a robust understanding of the threat landscape, be a support element for incident response, and conduct open source research.
What you’ll do:
- Conduct computer network investigations and diagnostics of computer networks, network analysis, assessment of network threats and risks, incident response, and database research.
- Collaborate with SOC and Threat Intelligence teams to continuously improve our detection and response capabilities.
- Demonstrate expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures.
- Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
- Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incidents and investigations.
- Experience and proficiency with any of the following: Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
- Develop forensic tools and infrastructure and ensure their capabilities are optimized.
- Experience with malware analysis concepts and methods.
- Familiarity or experience with Volatility, Encase Forensic Software, other analysis tools.
- Familiarity with MITRE ATT&CK framework.
- Knowledge of Virtualization and Cloud security.
- Knowledge of Linux, UNIX, Windows (including Active Directory) and other operating systems.
What you have:
- 6+ years' working experience with digital forensics investigations.
- 6+ years' experience with computer network exploitation, construction, and diagnostics of computer networks, network analysis, network threats and risks, incident response, and database research.
- Expertise in networking fundamentals (TCP/IP, Network Layers, etc.).
- Automation experience is desirable.
- Experience defining and supporting complete eDiscovery processes ensuring repeatability and defensibility of collections and processes.
- Advanced understanding of computer hardware and operating systems.
- Experience in Security Operations.
- Ability to organize and effectively present technical information to a non-technical audience, including the results of analysis or status of a project.
- Basic knowledge of audit requirements (PCI, HIPAA, SOX, etc.).
- Basic programming skills in various disciplines, including scripting languages.
- GCIA certification is preferred.