Forensic Analyst I
Hyderabad
Arete
Arete is transforming the way businesses and governments manage cyber risk through proven incident response, tech-enabled managed services, and powerful data insights.ROLES & RESPONSIBILITIES
- Performs digital forensic analysis on Windows, Apple Mac, and Linux based operating systems, in addition to the analysis of networking appliances including but not to, VPN and firewall appliances
- Documents forensic findings in accordance with the standards set forth within the Arete Forensic Tracker and develop a master timeline and visual attack map of the events
- Identifies additional sources (systems, logs, etc.) to collect based on the analysis and identifies gaps based on the lifecycle of attack
- Works with the Security Operations Center (SOC) to leverage data from monitoring and alerts provided by installed applications and deployed EDR solutions to identify Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs) for variants related to case
- Delivers Forensics findings and updates to the team in a clear, concise manner through a narrative story outlining the timeline of events. Modifies delivery in-line with the call’s audience and technical capabilities
- Tracks findings and capture data points related to investigations to enhance and inform our threat intelligence
- Raises technical constraints and issues within the Forensics team to identify detail of the incident and escalate to Forensic leadership
- Maintains updated case analyst notes, the Forensic tracker, timeline and attack map for collaboration within the team in our centralized case location
- Drafts detailed updates regarding investigative findings and conclusions drawn from analysis regarding the timing and mechanism of the initial intrusion, adversary actions, timeline of activity/lateral movement, and indicators of data access and/or exfiltration
- Identifies, documents, and shares information such as critical IOCs or adversary TTP’s as they uncovered with the Incident Response, Threat Intel, and Security Operations teams
- Communicates identified IOCs to the Tiger Team in furtherance of the investigation, path to restoration/response, and for bolstering of Client’s security posture
- Employs the usage of incident-mapping frameworks such as MITRE’s ATT&CK and Lockheed Martin’s Cyber Kill Chain to help contextualize identified adversary actions/IOCs
- Produces written incident, investigative updates and reports at the explicit direction of counsel partners
- Communicates within the DFIR team and provide routine status updates within our case management platform
- Works with cross-functional teams and collaborate to leverage threat intel TTPS/IOC's, information from our SOC/Threat Hunting team, and updates from our Negotiations teams to leverage the intelligence as part of the incident
- Drafts reports and appendices based on the findings using the standard report templates
- Accurately track and record time for forensic analysis
- May perform other duties as assigned by management
SKILLS AND KNOWLEDGE
- Deep understanding of Forensic artifacts, including (but not limited to) the analysis of operating system artifacts and the recovery of deleted items from multiple operating systems including Windows, Linux, Mac and RAM/memory forensics
- Experience analyzing network and operating system log files including Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
- Working knowledge of:
- Windows disk and memory forensics
- Network Security Monitoring (NSM), network traffic analysis, and log analysis
- Unix or Linux disk and memory forensic
- Experience and understanding of enterprise security controls
- Experienced with EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCP Dump, and other open-source forensic tools
- Experience delivering technical findings to a non-technical audience, preferred
- Provide findings in a confident, factual manner, preferred
- Knowledge and experience in handling PII, PHI, sensitive, confidential and proprietary datasets, preferred
- Experience with Cyber insurance investigations, preferred
JOB REQUIREMENTS
- Associate’s degree and 4+ years of incident response or digital forensics experience or Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field
- Possess One or more of the following Certifications
- Security +, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI.
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
- No physical exertion required
- Travel within or outside of the state
- Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY
Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CEH CHFI Computer Science Cyber Kill Chain DFIR EDR EnCase Firewalls Forensics GCED GCFA GCFE GCIH Incident response Linux Log analysis Log files Monitoring Network security NSM SANS SOC Splunk Threat intelligence TTPs UNIX VPN Windows
Perks/benefits: Competitive pay Insurance Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs