Digital Forensics and Incident Response Investigator

260312-South Florida Region Admin • Tampa, Florida, United States • 3w ago

Description

Associate, Digital Forensics and Incident Response - Cybersecurity Operations

Associate, Digital Forensics and Incident Response (“DFIR”) will be required to conduct digital forensic analysis in support of HR/ER, Legal, Compliance, Cybersecurity, and Global Security investigations. Additionally, DFIR is responsible for examining post-exploitation artifacts across JPMC digital assets with a focus toward extracting and sharing Indicators of Compromise (“IoCs”) or details of control gaps in support of live incidents, post-incident investigations, or internal investigations.

A successful candidate will have experience working independently and/or as part of a team in digital forensic investigations. They will also possess a strong investigative mindset, attention to detail, strong problem-solving skills, strong technical skills, good self-awareness and a drive to be thorough, timely and accurate.

This position requires work from the office a minimum of 60% of the time.

Responsibilities:

Collects digital evidence from a variety of sources to include computers, cloud platforms, mobile devices, logs from applications/aggregation platforms and network evidence keeping forensic principles in mind.
Analyzes host and network based artifacts generated by users or software to be able to reconstruct activities which occurred on computing assets.
Communicates with stakeholders clearly and effectively during and after the completion of an investigation to ensure that all concerns are addressed and the circumstances surrounding the situation are fully understood.
Writes detailed notes and reports which properly document the steps taken during an investigation so that the methods used and outcome obtained are understandable and repeatable.
Works with team members as well as other internal and external teams or stakeholders to develop forensic processes for new technologies as well as to automate existing and new processes to increase efficiency and scalability.
Works with other team members to improve procedures in order to increase the efficiency of the team and the robustness of the team’s work product.
Validates, verifies and documents new and existing forensic toolsets for use by the team.
Engages in continuous learning and shares information with team mates.

Skills and abilities:

Some, but not all of the diverse skills expected from a candidate for this position would include the following:

The ability to function well in a leader-leader environment, where individuals take ownership of work or projects and are responsible for the outcome.
An understanding of digital forensic tools and techniques used to support internal fraud and employee investigations.
An understanding of how tools work as well as the willingness and ability to manually examine data when required.
An understanding of the scientific method and how it applies to digital forensics.
Use host-based and network forensic capabilities to reconstruct actions on a computer or develop information regarding IOCs and TTPs for threat actors and malware, which can be shared amongst other internal teams.
Leverage practical experience to develop methodologies for proactive hunting of threat actors in the absence of alerting or rules-based detections.
Experience preparing in-depth investigation reports into forensic investigations, breach reports, privacy incidents and data exposure type cases.
Demonstrate strong written and verbal communication skills necessary to effectively interpret investigative requirements, provide technical guidance, and provide detailed documentation of analysis findings.

Qualifications

Bachelor’s Degree in Computer Science or other Technology related field preferred.
1 year of experience working in the computer forensics, cybercrime investigations, and other related technical fields.
Law enforcement or military experience preferred.
Well-developed knowledge of computer forensic best practices and industry standard methodologies for investigating host-based and network analysis.
Experience with malware reverse engineering is a plus.
Experience with investigating data compromise events is a plus.
Experience with networking protocols and packet analysis.
Experience working with industry standard tools (X-Ways, EnCase, Volatility, Rekall, Wireshark, SIFT, Cellebrite, etc.)
Ability to automate tasks using a scripting language (Python, PowerShell, Bash, etc.) is a plus.
Able to work independently and/or with a team to conduct forensic examinations.
Able to articulate and visually present complex forensic investigation and analysis results.
Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.
The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective.
Industry standard digital forensics certifications (GCFA, GNFA, GCFE, CFCE, etc.) are a plus.
Industry standard information security technology certifications (GCIH, GREM, etc.) are a plus.
Memberships and participation in relevant professional associations is a plus.
Able to work under pressure in time critical situations.
Excellent written and verbal communication skills are required.
Ability to communicate effectively with business representatives in explaining forensic findings clearly and where necessary, in non-technical terms.