- Responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the Incident Response team.
- Require the ability to triage and conduct thorough examinations of all types of digital media across a diverse environment,
- Ability to determine containment and/or remediation activities that may be required as well as identify potential threats.
- Reporting and collaborating with the different areas of business is required.
- Perform live network assessments using leading packet capture and analysis software tools.
- Establish timelines and patterns of activity based on multiple data sources.
- Identify, document and prepare reports on relevant findings.
- Conduct examination of digital media (hard drives, network traffic, images, etc.).
- Capture / analyze network traffic for indications of compromise.
- Review log-based data, both in raw form and utilizing SIEM or aggregation tools.
- Bachelor's degree in Computer Science or equivalent
- At least 5 years of experience in IT Security Digital Forensics
- At least 5 years of experience in Incident Response in a global corporate enterprise
- Demonstrated computer forensic investigations experience.
- Excellent technical writing and presentation skills.
- Expert-level knowledge of common attack vectors and penetration techniques.
- Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS and encryption.
- Demonstrated knowledge of forensic tools (Encase, FTK, Axiom Magnet, Black Bag, SIFT, Kali)
- Experience with malware analysis (reverse engineering).
- Experience managing large and small-scale cyber security incidents.
- Demonstrated understanding of database structures and SQL.
- Good understanding of networking protocols
- Experience with programming or scripting languages (Python, Ruby, Powershell)
- Demonstrated system administration skills.
Required Certifications (any two of the following)
- ACE (Access Data Certified Examiner)
- EnCe ( EnCase Certified Examiner)
- AWS Security
- GCFE (GIAC Certified Forensics Examiner)
- GNFA (GIAC Network Forensics Analyst)
- GCIA (GIAC Certified Intrusion Analyst)
- GCIH (GIAC Certified Intrusion Handler)
- GREM (GIAC Reverse Engineering Malware)
- OSCP (Offensive Security Certified Professional)
Cristina Malabuyoc Malijan EA License No. 02C3423 Personnel Registration No. R1111547