Sr Digital Forensics Incident Responder – DFIR
| Company | Alight |
|---|---|
| Location | Pennsylvania, USA; Iowa, USA; Washington, DC, USA; Texas, USA; Florida, USA; South Carolina, USA; Chicago, IL, USA; Georgia, USA; Arizona, USA; Virginia, USA; Wisconsin, USA; North Carolina, USA; Ohio, USA; Louisiana, USA; Michigan, USA |
| Salary | $136,800 – $167,400 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior |
Requirements
- Bachelor’s degree in Computer Engineering or another STEM major (Science, Technology, Engineering, or Math), and/or a minimum of 4 years of equivalent experience.
- Must be willing to work off-shift hours, as needed, during incidents.
- Experienced using Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Sentinel, Azure Arc, Azure Lighthouse, Microsoft Defender for Cloud Apps, Data Loss Prevention, and Microsoft Defender for Office 365.
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
- Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
- Excellent communication skills with the ability to manage joint response and remediation efforts and constructively influence peers and leadership.
- Hands-on-keyboard experience in any of the following: Digital Forensics & Incident Response (DFIR), threat intelligence, penetration testing, or security research.
- Hands-on experience with popular incident response and orchestration tools.
- Experienced in conducting malware analysis.
- People-focused, with the passion and drive to work on an experienced team and provide feedback to junior analysts.
- Understanding of sophisticated threat actors and their TTPs, including the MITRE ATT&CK framework.
Responsibilities
- Detect, investigate, and respond to events from security technologies such as firewalls, IDS, IPS, SIEM, WAF, email security gateways, DLP, and other sources.
- Coordinate and work closely with 24/7/365 monitoring, incident detection, and response teams, using both internal resources and an industry-leading MSSP.
- Leverage extensive experience in threat analysis, detection, hunting, forensics, and/or incident response.
- Integrate tools, playbooks, and SOPs into a consolidated operating model (including SIEM, SOAR, EDR, and others).
- Provide feedback to improve detection logic and security policies.
- Assist in coordinating and executing tabletop exercises.
- Provide post-incident lessons learned to identify improvement opportunities.
- Participate in the on-call rotation.
- Other duties as assigned.
Preferred Qualifications
- GCIH, GCIA, GREM, CISSP, AWS certifications, or related SANS certifications preferred.