| Description: The Sr. Digital Forensics Investigator will provide expert technical services concerning evidence collection and digital forensic analysis. The investigator will develop processes and procedures for collection, processing, preservation, and reporting of cybersecurity incidents and cyber threat intelligence and countermeasures activities to implement proactive defensive measures and improve response actions. This position requires ongoing proficiency in forensic tools, practices and procedures. Routine activities include collecting digital evidence, supporting insider threat investigation activities, and determining the root cause of an attack while supporting incident response activities. The investigator will assist with complex, sensitive incident response activities and apply knowledge of computer and network architecture to provide analysis during investigations, identify adversarial activity, and improve methods for future detection and prevention.
Responsibilities:
Primary responsibilities include:
• Collection: Acquire, preserve, and process digital data from physical, virtual, and distributed systems
• Analysis: Using customer intent, develop a hypothesis and examine collected digital evidence to either support or refute the hypothesis
• Use commercial and OpenSource tools to collect, analyze, and report on cyber security incidents
• Use a combination of Open Source research, network, and host forensic analysis, log review and correlation to support investigations
• Reporting: Produce accurate, evidence-based reporting to convey digital forensic analysis results.
• Develop comprehensive security write-ups which describe security issues, analysis, and remediation techniques to management
• Program Development: Make recommendations and provide input to the development of a Digital Forensics Program to improve and enhance Navy Federal’s investigation capabilities
• Develop internal documentation, such as detailed procedures, playbooks, and operational metrics reports as required
• Execute daily adhoc tasks or lead small projects as needed
Required:
• Previous experience in a Security Operations Center or Information Security in a senior role
• Work effectively as a team contributor and independently with minimal supervision or direction.
• Ability to anticipate and respond to changing priorities in a professional manner (triage, prioritization, competing tasks/deadlines, project scheduling).
• Ability to monitor and analyze logs and alerts from a variety of different technologies, including IDS/IPS, firewall, proxies, and anti-virus across multiple platforms
• Knowledge of security architectures, devices, proxies, and firewalls is required
• Experience with Netflow or PCAP analysis
• Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch
• Experience with the Windows file system and registry functions and *NIX operating systems and command line tools
• Knowledge of typical behaviors of both malware and threat actors and how they leverage common protocols and applications at the network level
• Strong research, analytical, and problem solving skills
• Excellent verbal, written and interpersonal communication skills
• Proven ability to present findings and conclusions clearly and concisely to all levels of staff, management and/or vendors
Desired
• Graduation from an accredited four year college or university in a technical / engineering discipline or equivalent work experience
• Experience with Security Tools related to SIEM/Enterprise Log Management, IPS/IDS, Antivirus, Firewalls, Proxies, DLP, and Forensic Analysis
• Experience in Cybersecurity analysis, incident response, or a related field with increasing responsibility
• Current forensic certification, CISSP, or GIAC
Hours:
Monday-Friday, 8:00AM-4:30PM |
