Job Description
About the opportunity: Cloud Security Services is seeking a Digital Forensics Engineer Consultant to support their Threat Management Team’s objectives to provide forensics acquisition and analysis support across environments and support root cause analysis to improve security posture. This is a 6-month remote opportunity.
Responsibilities: - Collect, process, analyze, interpret, preserve, and present digital evidence.
- Perform forensic triage of an incident to include determining scope, urgency and potential impact.
- Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products.
- Document forensic analysis from initial participation through resolution.
- Document forensic workflows based on sound industry practice.
- Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity.
- Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
- Develop, document and refine procedures to accomplish discovery process requirements.
- Manage all chain of custody best practices associated with the rules of evidence.
- Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events.
Required Skills - Solid understanding of the forensic lifecycle and scoping activities, evidence acquisitions on a range of devices.
- Forensics analysis background on following platforms and technologies:
- Cloud (AWS, Azure, GCP)
- Windows/Mac/Linux OS
- Physical and virtual network devices and platforms
- Understanding of SaaS, PaaS, and IaaS.
- Analyze and characterize cyber-attacks unique to cloud.
- Skilled in identifying different classes of attacks and attack stages.
- Understanding of system and application security threats and vulnerabilities.
- Ability to document forensic workflows based on sound industry practice.
- Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods.
- Experience with performing reactive incident response functions in public cloud environments - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.
- Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity.
- Understanding of APIs and ability to leverage them for building integrations.
- Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools.
- Ability to write SQL to search data warehouse databases.
- Familiarity with the following tools:
- Forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and other open-source forensic tools
- Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
- Malware Analysis / Reversal Tools
- Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
- Endpoint Detection & Response (EDR)
- Network sniffers and packet tracing tools such as DSS, Ethereral, tcpdump, Wireshark, etc.
- 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security or related field.
- Proficient with host-based forensics and data breach response.
- Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments, DevSecOps experience is a value add.
- Understand and demonstrate best practices for architecting and operating in multi cloud environments in a scalable manner.
- Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches.
- Experience using industry standard forensic tools
- Experience preserving desktops, laptops, mobile devices/tablets, servers, both cloud and on-premises email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner.
- Ability to communicate effectively and tactfully in both verbally and in written format to team members and technical/non-technical clients.
- Ability to demonstrate superior organizational skills with acute attention to detail.
- Must be an energetic self-starter who can work within a team environment but also independently as the situation requires.
- Strong troubleshooting skills coupled with the ability to solve on the fly to solve complex problems.
- Have experience working on incident response teams.
- Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
- Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior.
- Understand the NIST IR framework or competing IR lifecycle frameworks.
- Have the ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident.
- Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
- Have familiarity with MITRE ATT&CK and/or D3FEND frameworks.
- Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response.
- Excellent analytical skills.
- Collaborative team worker – both in person and virtually using WebEx or similar.
- Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint.
- Ability to work as liaison between business and information security / information technology.
- Flexibility to accommodate working across different time zones.
- Ability to work PST work hours.
- Excellent interpersonal communication skills with strong spoken and written English.
- Business outcomes mindset.
- Solid balance of strategic thinking with detailed orientation.
- Self-starter, ability to take initiative.
- Project management and organizational skills with attention to detail.
Preferred Skills - Relevant industry security certifications such as CISSP, SANS GIAC (e.g. EnCE, GCIH, GNFA, GCFE, GCFA, GREM or additional tool-based certifications), AWS certifications (SAA, SAP, or SCS), etc.
- Familiarity with other security verticals such as: Incident Response, Threat Intelligence, Threat Detection, Application Security, Cloud Security, Offensive Security.
- Networking experience with LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP) routing protocols and technologies.
- Knowledge of detection tools, for example: Nessus, Qualys, OSSEC, Osquery, Suricata, Threatstack, AWS Guard Duty.
- Demonstrate how to execute common web application attacks like SQL Injection, XSS, CSRF Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures.
Required Education - Bachelor's degree (BA/BS) in Computer Science from four-year college or university; or equivalent training, education, and work experience. Cybersecurity certifications such as CISSP, CISM, etc.
Preferred Education - Cybersecurity certifications such as CISSP, CISM, etc.
Job Tags
Contract work, Work experience placement, Remote job,