DFIR Cyber Operations Forensics Lead @ Arete | Jobright.ai

Arete · 4 days ago

DFIR Cyber Operations Forensics Lead

Computer · Cyber Security

Responsibilities

Oversees Forensics analysis and supports multiple Tiger Teams and engagements for matters beyond Ransomware/BEC.
Leads investigations for projects beyond Ransomware and BEC including Cloud, insider threat, and advisory/Enterprise Incident Response (EIR) matters.
Works with the Forensic members of the Tiger Team to ensure that digital forensic analysis of Windows, Apple Mac, and Windows-based operating systems, in addition to the analysis of networking appliances including, but not limited to, VPN and firewall appliances, is performed in an efficient and timely manner.
Provides forensic data and artifact collection requests based on the investigative approach to ensure the data is collected and made available for forensic analysis with limited impact.
Leads delivery of findings for a Tiger Team working in conjunction with the Senior Analyst to provide oversight across multiple additional Tiger Teams, while taking on leadership responsibilities related to the delivery across the additional multiple Tiger Teams.
Reviews scoping call notes and case background for situational awareness from the start of every engagement.
Drives the forensic investigation forward ensuring the right data is collected and analysis questions are answered to tell the narrative story of how the threat actor compromised the client’s network and environment.
Works with the Tiger Team to understand the nature of issues, potential risk to Counsel, Carrier, and Client relationships.
Collaborates on and leverages threat intel Tactics, Techniques, and Procedures (TTPs)/Indicators of Compromise (IOCs), information from our Security Operations Center (SOC)/Threat Hunting team, and updates from our Negotiations teams as part of the incident.
Supports the Director, as a Forensic Subject Matter Expert (SME) for all active forensic analysis for projects on the assigned Tiger Team.
Maintains target utilization for members of the Tiger Team that comes from client billable work including forensic analysis, participating in client update or forensic scoping and update findings calls, client correspondence related to forensic analysis, data collection, or investigative questions verbally or in writing.
Initiates and manages the forensic data collection process in support of the forensic investigation for the assigned engagement.
Ensures the forensic project timeline is on track, daily updates are provided from the assigned analysts to the IR Director, and Analyst SLAs are met (i.e. report is delivered on time, interim and final updates are provided on time when asked).
Delivers Forensics findings and updates to support the Tiger Teams and Senior Analysts as needed due to conflicts or time-off in a clear, concise manner while adjusting communication content and style to meet the needs of diverse stakeholders.
Ensures assigned analysts have the data, context, and clarity they need to conduct accurate and timely analysis.
Works with the Senior Analyst to deliver on the Forensic Investigations plan and manages the delivery timeline across the projects
Monitors and tracks the Forensic budget and budget burn rate across multiple engagements
Allocates Forensic Tiger Team and Tiger Team Pool resources to the Tiger Team projects to maximize delivery based on the availability and utilization of the team members
Works client facing on forensic update calls to ensure accurate updates are conveyed as they relate to the investigation
Communicates both verbally and in writing to answer client and counsel questions related to the forensic investigation
Supports the Tiger Team IR Director with delegating and managing the Senior Analysts and Analysts who report to Forensic Lead on their respective Tiger Team
Conducts the performance reviews of all assigned forensic analysts
Maintains a case load of at least two cases and conducts forensic analysis, in addition to other responsibilities
Conducts final review of the report from the perspective of the forensic investigator ensuring all possible investigative questions were addressed in the analysis and requesting additional context or analysis when the report requires more work
May perform other duties as assigned by management

Qualification

Required

Bachelor's Degree and 8+ years of incident response or digital forensics experience or Master's Degree and 6+ years related experience or J.D. and 4+ years related experience
Thorough knowledge of host-based forensics, network forensics, malware analysis and data breach response.
Experience with EnCase, Axiom, X-Ways, FTK, SIFT, ELK, Redline, Volatility, and open source forensic tools
Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell

Preferred

Experience in a security professional services consulting firm
One or more Digital Forensic and Incident Response Certifications such as GCFE, GCFA, GNFA, GCTI, GREM, CHFI, CCE, CFC, EnCE, and CFCE
Consulting experience

Benefits

Medical/Dental Insurance
Life/Disability Insurance
401(k)

Company

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Funding

Current Stage
Growth Stage

Leadership Team

Evelyn Minnick
Chief Administrative Officer
Company data provided by crunchbase