Senior Analyst, Forensics
United States
Applications have closed
Arete
Arete is transforming the way businesses and governments manage cyber risk through proven incident response, tech-enabled managed services, and powerful data insights.SUMMARY
The Senior Analyst, Forensics leads the forensic analysis of projects assigned to the respective Tiger Team, collaborating with the team to perform triage level analysis of the data collected (e.g., operating system files, images, SentinelOne, Logs, etc.), and perform deep-dive advanced forensic analysis. The Forensics team works with the DFIR team to support Clients and provide the breadcrumbs needed to help identify the extent of the matter to aid in restoration of business operations during an incident. The team focuses on the identification of threat actor behavior, activity, while utilizing a tailored detailed analysis approach to identify the unauthorized access and how the cyber intrusion occurred. The DFIR team operates as an industry leader in Incident Response, and trusted advisor, to breach coaches and Insurance Carriers working to support Clients and help restore business operations.
ROLES AND RESPONSIBILITIES
Lead Forensics analysis to support engagements for Ransomware/compromise investigations.
Work with the team to foster and develop a deep understanding of Forensic artifacts, including (but not limited to) the analysis of operating system artifacts and the recovery of deleted items from multiple operating systems including Windows, Linux, Mac, and RAM/memory forensics.
Work with the team to analyze network and operating system log files including Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
Work with the Security Operations Center (SOC) to leverage data from alerts provided by existing and deployed EDR solutions to identify Indicators of Compromise (IOCs) or Tactics, Techniques, and Procedures (TTPs) for variants related to case.
Deliver Forensics findings and updates in a clear, concise manner through a narrative story outlining the timeline of events. Modify delivery in-line with the call’s audience and technical capabilities.
Employ the usage of incident-mapping frameworks while developing the attack map such as MITRE’s ATT&CK and Lockheed Martin’s Cyber Kill Chain to help contextualize IOCs.
Review and draft written incident, investigative updates, reports, and appendices as the explicit direction of counsel and partners based on the findings using the standard report templates. Perform Peer reviews of reports written by team members.
Deliver on the Forensic Investigations plan & manage the timeline, delivery, and execution of the forensic analysis across projects.
Monitor and track the Forensic budget and burn rate across multiple engagements.
Allocate Forensic resources to maximize delivery based on availability and utilization.
Anticipate customer needs, manages expectations, and provides services that are beyond customer expectations.
Identify opportunities for additional post-IR services based on findings. Utilize forensic findings and work with the DFIR team and customer to support the discussion on additional services.
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
SKILLS AND EXPERIENCE REQUIREMENTS
5+ years of incident response or digital forensics experience.
Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field.
Possess two or more of the following Certifications:
Security +, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI, EnCe
Windows disk, Unix or Linux disk, and memory forensics.
Network Security Monitoring (NSM), network traffic analysis, and log analysis.
Experience and understanding of enterprise security controls.
Experienced with EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open-source forensic tools.
PREFERRED QUALIFICATIONS
Experience delivering technical findings to a non-technical audience.
Experience leading teams of analysts.
Provide findings in a confident, factual manner.
Knowledge and experience in handling PII, PHI, sensitive, confidential, and proprietary datasets.
Experience with Cyber insurance investigations.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
No physical exertion required.
Travel within or outside of state.
Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects.
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
- #LI-HYBRID
- #LI-REMOTE
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CEH CHFI Computer Science Cyber Kill Chain DFIR EDR EnCase EnCE Firewalls Forensics GCED GCFA GCFE GCIH Incident response Linux Log analysis Log files Monitoring Network security NSM SANS SOC Splunk TTPs UNIX VPN Windows
Perks/benefits: Competitive pay Insurance Team events Travel
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs