Digital Forensics and Incident Response Analyst

Company: Verizon Communications
Location: E Fowler Ave, Tampa, FL, USA; Berkeley Heights, NJ, USA; Ashburn, VA, USA; Richardson, TX, USA
Salary: $101,000 – $194,000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • Bachelor’s degree or four or more years of work experience.
  • Four or more years of relevant experience required, demonstrated through work experience and/or military experience.
  • Experience working in Digital Forensic, Incident Response, and/or a Security Operations Center (SOC) environment(s).
  • Ability to pass and/or obtain a security clearance.

Responsibilities

  • Executing the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses.
  • Operating as a trusted advisor on threat analysis during incidents for incident management teams and other stakeholders by following cybersecurity response methodologies such as the NIST Cybersecurity Framework.
  • Serving as a primary point of contact during assigned on-call shifts, responding promptly to incidents, escalations, and critical alerts to minimize downtime and mitigate risks to the enterprise.
  • Deploying security tools and leveraging logs and endpoint forensic analysis in order to complete a detailed and accurate assessment of security alerts and threats affecting the Verizon enterprise and cloud infrastructure.
  • Assisting with the development of security controls for multiple platforms via automated capabilities by using advanced analysis and forensic techniques.
  • Driving identification, analysis, and remediation activities to ensure compliance with relevant regulatory requirements, industry standards, and best practices related to security and data privacy.
  • Providing assistance and analytical evaluations for high-priority and significant security incidents, including composing extensive and comprehensive analysis summaries and facilitating incident-related discussions.
  • Identifying gaps in detections and collaborating with teams across Cyber Security to mitigate threats and improve the overall security posture.
  • Recommending ways to mature and advance the preventive and defensive capabilities of the TMC. This includes leveraging data and knowledge to clearly communicate the use case for alert creation.
  • Collaborating with cross-functional teams to respond, identify, and analyze the root cause of a cybersecurity incident.
  • Conducting risk assessments, in-depth analysis, and forensic investigations to determine the root cause and impact of incidents.
  • Enhancing and/or implementing DFIR playbooks to ensure a cohesive, repeatable response.
  • Assisting with producing operational read-outs and case reviews for peers and leadership that accurately capture the effectiveness of the DFIR organization.
  • Continuously building and maintaining the knowledge, skills, and abilities needed to produce thorough and accurate digital forensic analysis.
  • Enhancing the techniques, workflows, and processes of security controls, compliance assessments, and DFIR procedures to drive the TMC's operational and strategic growth (continuous improvement).

Preferred Qualifications

  • Awareness of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain.
  • Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them.
  • Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.
  • Programming and scripting experience to enhance automation and ad-hoc forensic analysis and to speed up response times.
  • Previous experience with log aggregation platforms such as Splunk, Elastic, Snowflake, LogRhythm, etc.
  • Proficient understanding of operating systems and their architectures: Windows, Unix/Linux, and macOS.
  • Demonstrates leadership and mentoring skills to help advance the overall capabilities of the TMC organization.
  • Ability to work in a highly collaborative environment that requires strong communication, presentation, and leadership skills.
  • Exhibits initiative, follow-up and follow through with commitments.
  • Certifications such as Network+, Security+, CISSP, EnCE, CFCE, C|EH, C|HFI, GCFA, GCFE, GCIH, and/or cloud-specific security certifications (e.g. AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer).