Sr Security Analyst (Forensics Investigator) - Hybrid in NYC Mon-Thurs (11101)
Optomi, in partnership with a global, Fortune 500 leader in the retail space (market value of $32B+) is looking for Forensic Analyst/Investigator. The Forensic Analyst will assist with investigations and other security initiatives. The right candidate will have strong evidence collection and analytical skills. Insider threat and endpoint forensics experience is ideal.
Responsibilities / Deliverables:
- Forensic Investigations: Conduct technical investigations in support of incident response activities, insider threat incidents, electronic discovery matters, legal proceedings, and compliance requirements.
- Evidence Collection: Gather digital evidence in a forensically sound manner including capturing and preserving data from various sources such as endpoints, servers, and mobile devices while maintaining chain-of-custody protocols.
- Forensic Analysis: Conduct in-depth analysis of collected evidence to uncover the root cause and impact of the cybersecurity incident by examining logs, files, and artifacts to understand the scope and nature of the attack.
- Intelligence Integration: Integrate cyber threat intelligence into IFD activities to stay ahead of emerging threats and enhance detection and response capabilities.
- Incident Response: Assist in cybersecurity incident response containment, eradication, and recovery activities; assist with implementing strategies to prevent further damage and restore normal operations.
- Documentation and Reporting: Document investigation process, findings, and actions taken; prepare detailed investigative reports that are clear, accurate, and useful for stakeholders and potential legal proceedings.
- Technology Tuning: Tune and troubleshoot IFD tools and technologies to ensure effective and efficient detection, response activities. Reference Primary Tools and Technologies table, below.
- Communication and Coordination: Communicate clearly and effectively with technical and non- technical stakeholders to ensure threat-informed decision-making.
- Processes and Procedures: Follow cybersecurity processes, procedures, playbooks, and protocols for ensuring consistent and effective IFD practices and alignment with industry standards and regulatory requirements.
- Processes and Procedures: Maintain and follow cybersecurity processes, procedures, playbooks, and protocols for ensuring consistent and effective IFD practices and alignment with industry standards and regulatory requirements.
- Metrics and KPIs: Assist in providing regular metrics and KPI updates as well as ad-hoc reports, both written and verbal, on cybersecurity incidents, detection and response activities, and IFD performance.
- Compliance and Audits: Comply with relevant regulatory requirements and industry standards; prepare for and manages audits, ensuring that the IFD adheres to necessary compliance measures.
Primary Tools and Technologies: Palo Alto, Splunk, Proofpoint, ServiceNow, SentinelOneShadow Dragon, XSOAR, EDR, Link Analysis, Open-Source Intelligence, Monolith Forensics
