Cyber Security Incident Engineer - Forensics
Responsible for conducting technical cyber security investigations utilizing leading forensic software to identify, collect, preserve and analyze electronic data from across variant technologies. The position will involve active participation in all phases of incident response and digital forensic evidence collection including malware reverse engineering. Responsible for determining the scope of a potential security breach by employing host and network based forensic analysis, determining if the activity was ultimately successful in compromising security controls and coordinating root cause analysis. Works independently with minimal-to-no supervision while also demonstrating the ability to be a subject matter expert on projects and initiatives autonomously.
- Evaluates, designs and implements cybersecurity forensics solutions to pre-stage ecosystem for use during an investigation
- Examining systems for points of intrusion and recreate breach scenario
- Overseeing chain of custody by maintaining preservation, collection, processing and production of electronically stored evidence
- Conducting host and network-based data forensic investigations
- Working closely with various groups, such as Investigations, internal and external counsel, internal audit, security, and human resources on internal matters
- Provide support to the Security Incident Response Team (SIRT) in the effective detection, analysis, and containment of attacks
- Collaborate and build relationships across the organization and in industry groups to obtain the latest investigative best practices
- Analyze malware and perform reverse engineering to drive intelligence, assist in containment and eradication
- Create briefings to educate leadership, IT operations staff, and users about technical threats
Skill and Abilities
- Demonstrate proficiency skills and deep technical knowledge of cybersecurity forensic collection and data analysis tools (e.g., EnCase, FTK, X-Ways, TSK, Volatility, Honeyd, Firebug, Burpsuite, Redline)
- Perform as subject matter expert on technical incident response handling and digital forensics that is capable of planning, executing, and directing all phases of incident response
- Solid understanding of threat actor techniques related to reconnaissance, server attacks (with emphasis on web applications), end-user attacks, network-based attacks, expanding foothold (pivoting), and hiding tracks
- Advanced understanding of Linux, Windows operating systems, and network routers / switches
- Advance proficiency in information security principles and standards
- Knowledge of and experience with incident handling procedures and pursuing incidents.
- Experience determining cause and extent of data loss and advice on remediation plan
- Ability to present risks and propose countermeasures to non-technical audience
- Demonstrated proficient decision-making skills, analytical and problem-solving ability
- Ability to deliver succinct and fact-based communications, both verbally and in writing, and at various management layers
- Will be mostly remote work but will be required to be on-site in Moorestown, NJ, when needed after restrictions are eased.
Education Level Bachelor’s Degree or master’s Preferred
Field of Study Information Assurance, Computer Science or related field
Certifications Required: CISSP; CISA, or GIAC
Years’ Experience Requires 5-7 years related experience.
Leading Path is an award-winning Information Technology and Management Consulting firm focused on providing solutions in process, technology, and operations to our government and Fortune 500 clients. We offer a professional and work environment with a strong work-life balance. Leading Path provides a comprehensive and competitive benefits package, 401K, tuition reimbursement and opportunities for professional growth and advancement.