Digital Forensics Incident Response Consultant (DFIR) – Atlanta, GA
Optomi, in partnership with an industry leader in the FinTech space, is looking to hire a Sr DFIR Consultant to join their team! The Senior Digital Forensics Incident Response Consultant will be responsible for day-to-day activities, responding to both routine and high-severity incidents and leading the Forensics E-Discovery team. The ideal DFIR candidate will have a strong background in network incident response, digital forensics, e-discovery processes, and litigation support.
Apply today if your background includes:
- 5+ years as a senior incident responder or leader of incident response, digital forensics, and e-discovery
- Strong knowledge of networks, backend systems, operating systems, applications, and web services, and of how they interact as it relates to security and service delivery
- Experience configuring custom Splunk searches and applications required
- Experience with analyzing attack vectors and methods in order to develop Splunk ES SIEM signatures or detections
- Ability to apply analytical expertise and critical thinking to security incidents
- Ability to assimilate, understand and utilize various security technologies
- Demonstrated team or functional leadership experience
- Experience processing and analyzing intelligence in support of management decision making
- Current information security-related certification preferred
- Knowledge of relevant information security and incident response frameworks such as ISO 27001, NIST SP 800-61, the NIST Cybersecurity Framework, and the MITRE ATT&CK Framework
Key responsibilities:
- Collaborate with internal and customer teams to investigate and contain incidents. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs). Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes that can be applied to current and future investigations.
- Analyze attack vectors and methods to develop custom Splunk ES SIEM signatures or detections. Provide and implement recommendations to improve Splunk ES detections.
- Lead the SOC incident response team's threat hunting and incident response activities.
- Lead post-incident postmortem exercises focused on identifying deficiencies that require additional attention.
- Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Email Security, Cloud Security, and other security threat data sources.
- Oversee the collection, preservation, and analysis of electronic data and metadata in response to litigation, regulatory inquiries, and internal investigations.
- Collaborate and communicate with the Law Department and Global Security teams to understand case requirements and provide guidance on e-discovery and digital forensics matters.
- Conduct data collection from U.S.-based and, in some cases, internationally based digital devices, including computers, mobile devices, and cloud-based and network systems; deduplicate and import the collected data into Relativity or another e-discovery review platform.
- Develop and implement e-discovery strategies and workflows to ensure efficient and defensible processes.
- Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, Public Cloud, and networking, to offer global solutions for a complex heterogeneous environment.