Title: Cybersecurity Forensics Investigator
Duration: 6 Months to hire
Location: Franklin MA – Some days work from home
The role is needed to support the team, as the workload has increased and the current team member is overloaded. Ideally this role will go perm next year. We want someone who wants to be around with Dell/EMC for a long time. The location is onsite, as they’ll be working in a lab; some days will not be onsite, but the majority of the time they’ll be onsite. In the past, we have found such resources among people who used to work for law enforcement handling cybersecurity investigations. Candidates need to understand OS internals and how to peel through a laptop, desktop, or server looking for specific artifacts. They will work with CSIRT teams and IR teams, as this team does the backend forensics and incident response forensics. They have to be able to identify malware and tear it apart to see what it does, to determine what people are trying to steal.
Things we’re looking for – reverse engineering for malware (know a lot about system internals), talking about malware, threat intelligence, threat hunting (not looking for first level of defense but those who handle the escalations), anyone with SANS certs, EnCE cert (certified examiner), GCFE certs, any mention of cell phone forensics, well-versed in cloud security (Microsoft cloud security).
Lead small and medium sized investigations, coordinating tasks and resources from corporate legal, ethics, security, and IT teams
Manage multiple investigation requests through the entire lifecycle of Initiation, Data Collection, Analysis, and Data Production
Participate in designing, testing and deployment of new forensic or eDiscovery tools or solutions
Participate on Incident Response teams as forensic SME
Work with vendors for problem resolution
Develop and maintain comprehensive documentation
Standardize process and procedures and provide continual improvement
Perform other duties as required
Prioritizes own work and may have duties instructing, directing, assigning and overseeing work of more junior team members
Manager usually provides the problem for this individual to develop appropriate solutions
Specializes in security operations in one area
Works on cybersecurity problems that have medium to high complexity, with particular emphasis on security operations
Selects methods and techniques for identifying and advocating effective security solutions
Maintains and optimizes tools, processes, documentation, reporting, and technologies, and defines success criteria for their effective usage
Participates in reviews of available tools, technologies, and processes to secure all aspects of the enterprise
Degree in IT or 5+ years of enterprise IT experience
Understands advanced concepts of investigations, evidence handling and computer forensics
Experience with one or more major computer forensic products in an enterprise environment
Experience with SQL based database platforms
Problem solving and analytical skills
Ability to read, write and speak English
Good written and oral communication skills
Must work well independently and with others as part of larger team and be able to collaborate on cross functional teams
6+ Years Cybersecurity Experience
Working knowledge of system events and associated logs
Experience working with MS Windows Desktop and Server operating systems
Experience working with Linux/Unix
Experience working with Microsoft’s O365 environment
Familiar with Data Privacy laws and the associated security requirements
ITIL experience, certification preferred.
EnCase, ACE or ====FE certification.
CISSP or similar Security certifications
Works on cybersecurity problems that may be diverse and highly complex, with particular emphasis on security operations.
Selects methods and techniques for identifying and advocating effective security solutions.
Specializes in security operations in one or more areas, including network, host, database, application, event management, cloud, cryptography, identity, and other emerging technology.
Participates in reviews of available tools, technologies, and processes to secure all aspects of the enterprise.
Maintains and optimizes tools, processes, documentation, reporting, and technologies, and defines success criteria for their effective usage.
Deploys tools, processes, documentation, and technologies, and defines success criteria for their effective usage.
APN Software Service INC