Cyber Defense Analyst (Forensics)
- Perform breach investigation and digital forensics of an incident
- Help determine the extent of the compromise, attributes of any malware involved and possible data exfiltrated
- Accurately describe the details of an incident
- Develop forensic and investigative reports
- Develop and manage breach investigation and forensics programs
- Develop and manage current knowledge of tools and best-practices in breach investigation and forensics.
- Manage external breach retainer service provider in delivering their services.
- Experience in host, network and mobile forensic and breach intrusion investigation.
- One or more of the following technical certifications: GIAC, GCIH, GCFA, GREM or equivalent
- Experience in performing live response on systems in support of breach intrusion investigation
- Experience in performing complete forensic duplication of systems.
- Expertise in analysis of TCP/IP network communication protocols
- Experience conducting analysis of electronic media, packet capture, log data and network devices in support of breach intrusion analysis.
- Experience in computer exploitation tactics, techniques and procedures
- Experience in analysing malware, identifying packers and compilers, reviewing PE file structure, carving and examining recovered data, researching interesting strings, disassembling and performing detailed reverse engineering on malware samples
- Able to make decisions on remediation and propose countermeasures in support of breach intrusion remediation.
- Experience in forensics and investigative report writing that can withstand legal scrutiny.
- Experience in live response and forensics tools and methodology.
- Experience in a scripting language such as Python or other scripting languages.
- Experience in deploying forensics toolkits to support intrusion investigation
- Experience ensuring chain of custody is followed for all electronic media acquired, in accordance with existing regulations
- Experience in conducting breach investigation and forensics in a cloud environment.
- Hands-on and a self-starter, and comfortable dealing with multiple stakeholders in a fast-paced environment