ROLES & RESPONSIBILITIES
- Oversees Forensics analysis and supports multiple Tiger Teams and engagements for matters beyond Ransomware/BEC matters.
- Leads investigations for projects beyond Ransomware and BEC including Cloud, insider threat, and advisory/Enterprise Incident Response (EIR) matters.
- Works with the Forensic members of the Tiger Team to ensure digital forensic analysis of Windows, Apple Mac, and Windows based operating systems, in addition to the analysis of networking appliances including but not limited to, VPN and firewall appliances is performed in an efficient and timely manner.
- Provides forensic data and artifact collection requests based on the investigative approach to ensure the data is collected and made available for forensic analysis with limited impact.
- Leads delivery of findings for a Tiger Team working in conjunction with the Senior Analyst to provide oversight across multiple additional Tiger Teams, while taking on leadership responsibilities related to the delivery across the additional multiple Tiger Teams.
- Reviews scoping call notes and case background for situational awareness from the start of every engagement.
- Drives the forensic investigation forward ensuring the right data is collected and analysis questions are answered to tell the narrative story of how the threat actor compromised the client’s network and environment.
- Works with the Tiger Team to understand the nature of issues, potential risk to Counsel, Carrier, and Client relationships.
- Collaborate and leverage threat intel Tactics, Techniques, and Procedures (TTPs)/Indicators of Compromise (IOCs), information from our Security Operations Center (SOC)/Threat Hunting team, and updates from our Negotiations teams as part of the incident.
- Supports the Director, as a Forensic Subject Matter Expert (SME) for all active forensic analysis for projects on the assigned Tiger Team.
- Maintains target utilization for members of the Tiger Team that comes from client billable work including forensic analysis, participating in client update or forensic scoping and update findings calls, client correspondence related to forensic analysis, data collection, or investigative questions verbally or in writing.
- Initiates and manages the forensic data collection process in support of the forensic investigation for the assigned engagement.
- Ensures the forensic project timeline is on track, daily updates are provided from the assigned analysts to the IR Director, and Analyst SLAs are met (i.e. report is delivered on time, interim and final updates are provided on-time when asked)
- Delivers Forensics findings and updates to support the Tiger Teams and Senior Analysts as needed due to conflicts or time-off in a clear, concise manner while adjusting communication content and style to meet the needs of diverse stakeholders
- Ensures assigned analysts have the data, context, and clarity they need to conduct accurate and timely analysis.
- Works with Senior Analyst to deliver on the Forensic Investigations plan & manages the delivery timeline delivery across the projects
- Monitors and tracks the Forensic budget and budget burn rate across multiple engagements
- Allocates Forensic Tiger Team and Tiger Team Pool resources to the Tiger Team projects to maximize delivery based on the availability and utilization of the team members
- Works client facing on forensic update calls to ensure accurate updates are conveyed as they relate to the investigation
- Communicates both verbally and in writing to answer client and counsel questions related to the forensic investigation
- Supports the Tiger Team IR Director with delegating and managing the Senior Analysts and Analysts who report to Forensic Lead on their respective Tiger Team
- Conducts the performance reviews of all assigned forensic analysts Maintains a case load of at least two cases and conducts forensic analysis, in addition to other responsibilities
- Conducts final review of the report from the perspective of the forensic investigator ensuring all possible investigative questions were addressed in the analysis and requesting additional context or analysis when the report requires more work
- May perform other duties as assigned by management
SKILLS AND KNOWLEDGE
- Thorough knowledge of host-based forensics, network forensics, malware analysis and data breach response.
- Experience with EnCase, Axiom, X-Ways, FTK, SIFT, ELK, Redline, Volatility, and open source forensic tools
- Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell
- Experience in a security professional services consulting firm, preferred
- One or more Digital Forensic and Incident Response Certifications such as GCFE, GCFA, GNFA, GCTI, GREM, CHFI, CCE, CFC, EnCE, and CFCE, preferred
JOB REQUIREMENTS
- Bachelor's Degree and 8+ years of incident response or digital forensics experience or Master's Degree and 6+ years related experience or J.D. and 4+ years related experience
- Consulting experience, preferred
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
- No physical exertion required
- Travel within or outside of the state
- Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY
Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.