Information Security • Cyber Security • Managed Security Services • SIEM • Digital Forensics and Incident Response
51 - 200
October 20
• Engage on behalf of CYPFER in incident response tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
• Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
• Perform Windows/Unix/Linux forensics and triage, and network forensics, to assess compromise and support investigations.
• Skilled in malware analysis tools and methodologies.
• Apply mitigation strategies and concepts to remediate identified threats.
• Analyze triage collections/artifacts for indicators of compromise (IoCs) and potentially malicious activity.
• Review logs from host systems and appliances to identify suspicious activities.
• Collect forensic disk and memory images from physical and virtual endpoints and servers.
• Perform forensic analysis of physical systems, virtual machines, and network data.
• Understanding of the incident lifecycle and the cyber kill chain.
• Familiarity with exfiltration techniques used by threat actors.
• Correlate events and build timelines of events.
• Maintain current knowledge of emerging threats and vulnerabilities.
• Analyze files for IoCs using various techniques.
• Conduct limited threat research based on IoCs collected during investigations.
• Understand obfuscation techniques used to conceal malicious commands and traffic, and lateral movement strategies employed by threat actors.
• Collaborate and share information within and across teams, and communicate effectively with client managers and executives.
• Write detailed reports and summarize findings clearly and concisely.
• Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.
• This role is remote but requires the ability to travel on short notice to a client site up to 50%.
• Must maintain flexibility to travel frequently on 24-48 hours' notice for deployments typically 1-2 weeks in duration.
• 5+ years of experience in digital forensics, incident response, or a similar role.
• Strong knowledge of Windows and Unix/Linux operating systems.
• Expertise in threat hunting, network forensics, and EDR/EPP technologies.
• Skilled in forensic acquisition and analysis of physical and virtual systems.
• Advanced understanding of networking, routing, and firewall operations.
• Working knowledge of storage technologies such as RAID, NAS, SAN, Fibre Channel, iSCSI, and NFS.
• Ability to analyze and interpret logs from various sources.
• Familiarity with SIEM and SOAR solutions.
• Ability to perform threat research and analyze current threats.
• Understanding of business email compromise (BEC) cases and investigation techniques.