Forensic Analyst I

ROLES & RESPONSIBILITIES  

• Performs digital forensic analysis on Windows, Apple Mac, and Linux based operating systems, in addition to the analysis of networking appliances including but not to, VPN and firewall appliances
• Documents forensic findings in accordance with the standards set forth within the Arete Forensic Tracker and develop a master timeline and visual attack map of the events
• Identifies additional sources (systems, logs, etc.) to collect based on the analysis and identifies gaps based on the lifecycle of attack
• Works with the Security Operations Center (SOC) to leverage data from monitoring and alerts provided by installed applications and deployed EDR solutions to identify Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs) for variants related to case
• Delivers Forensics findings and updates to the team in a clear, concise manner through a narrative story outlining the timeline of events. Modifies delivery in-line with the call’s audience and technical capabilities
• Tracks findings and capture data points related to investigations to enhance and inform our threat intelligence
• Raises technical constraints and issues within the Forensics team to identify detail of the incident and escalate to Forensic leadership
• Maintains updated case analyst notes, the Forensic tracker, timeline and attack map for collaboration within the team in our centralized case location
• Drafts detailed updates regarding investigative findings and conclusions drawn from analysis regarding the timing and mechanism of the initial intrusion, adversary actions, timeline of activity/lateral movement, and indicators of data access and/or exfiltration
• Identifies, documents, and shares information such as critical IOCs or adversary TTP’s as they uncovered with the Incident Response, Threat Intel, and Security Operations teams
• Communicates identified IOCs to the Tiger Team in furtherance of the investigation, path to restoration/response, and for bolstering of Client’s security posture
• Employs the usage of incident-mapping frameworks such as MITRE’s ATT&CK and Lockheed Martin’s Cyber Kill Chain to help contextualize identified adversary actions/IOCs
• Produces written incident, investigative updates and reports at the explicit direction of counsel partners
• Communicates within the DFIR team and provide routine status updates within our case management platform
• Works with cross-functional teams and collaborate to leverage threat intel TTPS/IOC's, information from our SOC/Threat Hunting team, and updates from our Negotiations teams to leverage the intelligence as part of the incident
• Drafts reports and appendices based on the findings using the standard report templates
• Accurately track and record time for forensic analysis
• May perform other duties as assigned by management

SKILLS AND KNOWLEDGE  

• Deep understanding of Forensic artifacts, including (but not limited to) the analysis of operating system artifacts and the recovery of deleted items from multiple operating systems including Windows, Linux, Mac and RAM/memory forensics
• Experience analyzing network and operating system log files including Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
• Working knowledge of:
• Windows disk and memory forensics
• Network Security Monitoring (NSM), network traffic analysis, and log analysis
• Unix or Linux disk and memory forensic
• Experience and understanding of enterprise security controls
• Experienced with EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCP Dump, and other open-source forensic tools
• Experience delivering technical findings to a non-technical audience, preferred
• Provide findings in a confident, factual manner, preferred
• Knowledge and experience in handling PII, PHI, sensitive, confidential and proprietary datasets, preferred
• Experience with Cyber insurance investigations, preferred

JOB REQUIREMENTS

• Associate’s degree and 4+ years of incident response or digital forensics experience or Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field
• Possess One or more of the following Certifications
• Security +, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. 

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

• No physical exertion required
• Travel within or outside of the state
• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA OVERTIME CATEGORY

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. 

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

 

 

When you join Arete…

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.