Digital Forensic Analyst - Incident Management

Company Description

Role Description

Responsibilities :

• Manage client engagements, with a focus on incident response and investigation.
• Provide both subject matter expertise and project management experience to serve as the point person for client engagements.
• Assist with client incident scoping call and participate in the incident from kick-off through full containment and remediation.
• Security Analytics Efficiently distill actionable information from large data sets for reporting, hunting, and anomaly detection.
• Recommend and document specific countermeasures and mitigating controls with post incident analysis findings.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Conduct Digital Forensic and Incident Response (DFIR) analysis, network log and network PCAP analysis, malware triage, and other investigation related activities in support of Incident Response investigations.
• Supervise Digital Forensics and Incident Response staff and assisting with performance reviews and mentorship of cybersecurity professionals.
• Mature the Security Incident Response process to ensure it meets the needs of the Clients.
• Interact with Clients CSIRT teams to cater continuous and/or ad-hoc client requests for Incident Response services.
• Possess the experience, credibility and integrity to perform as an expert witness.
• Involve in business development activities and supporting pre-sales teams in Identify, market, and develop new business opportunities.
• Assist with research and distribute cyber threat intelligence developed from Incident Response activities.
• Research, develop and recommend infrastructure (hardware & software) needs for DFIR and evolve existing methodologies to enhance and improve our DFIR practice.
  

Skills Required

• 8-14 years Information Security experience with at least 5 year of Incident Response experience.
• Solid understanding of MITRE ATT&CK, NIST cyber incident response framework and Cyber kill chain.
• Understanding of Threat Hunting and threat Intelligence concepts and technologies.
• Experience of leveraging technical security solutions such as SIEM, IDS/IPS, EDR, vulnerability management or assessment, malware analysis, or forensics tools for incident triage and analysis.
• Deep experience with most common OS (Windows, MacOS, Linux, Android, iOS) and their file systems (ext3.4, NTFS, HFS+, APFS, exFAT etc).
• Proficiency with industry-standard forensic toolsets (i.e. EnCase, Axiom/IEF, Cellebrite/UFED, Nuix and FTK).
• Experience of enterprise level cloud infrastructure such as AWS, MS Azure, G Suite, O365 etc.
• Experience of malware analysis and understanding attack techniques.
• CISSP, ECIH v2, GCFA, GCIH, EnCE or equivalent DFIR certification.
• Ability to work in time-sensitive and complex situations with ease and professionalism, possess an efficient and versatile communication style.
• Good verbal and written communication skill, excellent interpersonal skills.