The Senior Analyst, Forensicsleads the forensic analysis of projects assigned to the respective Tiger Team, collaborating with the tiger team and forensic leads to perform triage level analysis of the data collected (e.g., operating system files, images, SentinelOne, Logs, etc.), and perform deep-dive advanced forensic analysis.The Forensics team works with the Digital Forensics & Incident Response (DFIR) team to support Clients and provides the breadcrumbs needed to help identify the extent of the matter to aid in restoration of business operations during an incident. The team focuses on the identification of threat actor behavior, activity,while utilizing a tailored detailed analysis approach to identify the unauthorized access and how the cyber intrusion occurred. The DFIR team operates as an industry leader in Incident Response, and trusted advisor, to breach coaches and Insurance Carriers workingto support Clients and help restore business operations.
ROLES AND RESPONSIBILITIES
Works with the tiger team analysts to perform Forensic analysis of artifacts, including (but not limited to) the analysis of operating system artifacts and the recovery of deleted items from multiple operating systems including Windows, Linux, Mac, and RAM/memory forensics
Analyzesnetwork and operating system log files including Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
Works with the Security Operations Center (SOC) toleverage data from alerts provided by existing and deployed Endpoint Detection and Response (EDR) solutionsto identify Indicators of Compromise (IOCs) or Tactics, Techniques, and Procedures (TTPs)for variants related to case
Internally prepares Forensics findings and updatesin a clear, concise manner through a narrative story outlining the timeline of events - modifies delivery in-line with the call’s audience and technical capabilities.
Employs the usage of incident-mapping frameworks while developing the attack map such as MITRE’s ATT&CK and Lockheed Martin’s Cyber Kill Chain to help contextualize IOCs
Reviews and draftswritten incident, investigative updates, reports, and appendices as the explicit direction of counsel and partners based on the findings using the standard report templates.Performs Peer reviews of reports written by team members
Delivers on the Forensic Investigations plan & works with the lead to managethe timeline, delivery, and execution of the forensic analysis across projects.
May perform other duties as assigned by management
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
Experience and understanding of enterprise security controls.
Experienced with EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open-source forensic tools
Experience delivering technical findings to a non-technical audience, preferred
Experience leading teams of analysts, preferred
Provide findings in a confident, factual manner, preferred
Knowledge and experience in handling PII, PHI, sensitive, confidential, and proprietary datasets, preferred
Experience with Cyber insurance investigations, preferred
Bachelor’s degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field and 4+ years of incident response or digital forensics experience or Master's or Advanced Degree and 3+ years related experience
Possess two or more of the following Certifications:
Security +, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI, EnCe
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
Travel within or outside of state
Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.