Cyber Security Digital Forensics and Incident Response (DFIR) Engineer

Location: Chicago, IL

Summary:

Our client is a $30B+ global company that holds the #2 market position in their industry and is committed to a major transformation that includes centralizing and growing their cybersecurity team as well as a move to be a very nimble, open-source development, and cloud-enabled organization. We are partnering with them to assist in filling a DFIR role on this growing cybersecurity team. This individual will have strong enterprise experience and will be looked to to help build up the forensic team capability (this person could have a big voice/say in what changes are made or new technologies are brought in for support). This DFIR engineer will perform intelligence-driven network defense supporting the SOC capabilities (Threat Intelligence, Threat Hunting, and Incident Monitoring/Response/Handling, et al.). The role involves forensic analysis of online and offline (“dead-box”) hosts and network logs associated with information security incidents discovered by the Threat Hunting and Monitoring capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, SIEM, several threat intelligence tools, case management tools, forensics hardware/software, etc., in order to assist the DFIR team in contributing a near-complete technical understanding of information security incidents. The candidate will perform the functions of a digital forensics examiner team lead and collaborate with other teams in the Security Operations Center.

  • Manage the collection, preservation, processing, and analysis of digital evidence in support of investigations and incident response. Responsibilities include, but are not limited to, incident scoping, workflow, execution of forensically sound collections through proposed workflows, relevant data identification, and coordination of data handoffs to investigative resources.
  • Generate concise, accurate, and unbiased forensic findings reports on an as-needed basis.
  • Work and coordinate with additional organizational personnel to assist as-needed throughout the active investigations.
  • Mentor other forensic examiners in procedures, skills uplift, and approaches.
  • Manage evidence including collection and forensic preservation, storage, and chain-of-custody.
  • Maintain highly detailed incident-related notes and documentation.
  • Candidate should be comfortable with work-related travel as well as occasionally working extended hours.

Requirements:

  • Bachelor of Science degree in one or more of the following preferred concentrations: Computer Forensics, Computer Science, Computer Engineering, Information Technology, or Management of Information Systems. Master's degree preferred. SANS certifications preferred.
  • 5+ years of direct computer forensics experience (ideally 10+).
  • Operational understanding of modern threats and tactics used currently.
  • Experience with malware investigations and the techniques used to investigate these incidents.
  • Experience with PII and PCI investigations, as well as identifying the resources needed to successfully investigate them.
  • Experience in supporting an Enterprise or Security Operations Center (SOC) investigation.
  • Familiar with industry accepted Open Source Solutions to help with varied components of an investigation.
  • Familiar with industry-standard forensic software such as X-Ways, EnCase, FTK, and other software that may come to market.
  • Experience with identification, preservation, and analysis of electronic data pertaining to laptops, desktops, servers, backup tapes, mobile devices, webmail providers, cloud services, and other emerging technologies.
  • Strong background with Microsoft Windows, Apple OS X, and Linux operating systems.
  • Familiar with network environments and computer and network administration protocols.
  • Strong hardware and software troubleshooting technical experience.
  • Experience with scripting and programming languages such as C#, Go, Java, Python, Perl, Bash scripting, PHP, and others that would help streamline investigative techniques.

Contact Information:

For immediate consideration, please email a resume to jlentz@htassociates.com.