Job Description
We are seeking an experienced Digital Forensics and Incident Response (DFIR) candidate to perform intelligence-driven network defense in support of the Global Security Fusion Center (GSFC) capabilities (Incident Handling, Threat Intelligence, Threat Hunting and other GSFC stakeholders). The role involves forensic analysis of online and offline (“dead-box”) hosts and of network logs associated with information security incidents discovered by the System-level Monitoring and Threat Hunting capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, a SIEM, several threat intelligence tools, etc., which help the analyst build a near-complete technical understanding of information security incidents. The candidate will perform the functions of a digital forensics examiner and collaborate with other teams associated with the Global Security Fusion Center.
Job Responsibilities
Primary Responsibilities:
- Identify key data points regarding information security incidents, such as root-cause analysis, possible attack methods and techniques, malware infection and persistence methods, etc.
- Must understand the life cycle of an incident and the tools used to determine root cause during an incident.
- Operational understanding of reverse engineering malware.
- Perform network, disk, system-file and memory forensic analysis.
- Custom tool design to assist in analysis and investigation. (Related experience in programming, database, system administration, etc.).
- Implementing integration/orchestration of existing and new forensic infrastructure and tools.
- Perform custom analysis on (centralized) security event information to analyze incidents.
- Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate.
- Perform as an Information Security SME in the following areas:
  - Digital Forensics
  - Incident Response
  - Log analysis
  - Popular operating systems (Windows, Mac, Linux, Android, etc.)
  - Networking (firewalls, IDS/IPS, packet capture)
  - Other security-related disciplines
- Continued collaboration with and support of teammates and colleagues as it pertains to incident analysis.
Primary Skills
Experience
- 5+ years' experience in application design/engineering/maintenance, including but not limited to programming/scripting, Windows/Mac/Linux system administration, RDBMS/NoSQL database administration, etc.
- 5+ years working with an Incident Response team on forensic cases.
- 2+ years' experience in penetration testing, ethical hacking, exploit writing, and vulnerability management.
- Hobbyist experience in “maker”/hardware hacking, e.g. Raspberry Pi, Arduino, etc.
- Experience with incident response workflow (or other case management “ticketing”) tools such as RSA Archer, ServiceNow, Remedy, JIRA, Resilient, Best Practical Request Tracker, etc.
- Obtained certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications like EnCE, X-Ways, etc.
- Scripting experience related to system administration, security operations, or forensics platforms (Python, Bash, PowerShell, Perl, C/C++, EnScript).
Shift Timing
4:30 PM to 2:30 AM