UTC is seeking an experienced incident response or digital forensics professional to join the Security Operations team. The Incident Forensics Analyst will perform a range of technical services focused on operational security: identifying threats, performing incident response, managing threat intelligence and improving processes.

Principal Responsibilities:

  • Analyze and investigate events using an enterprise security information and event management (SIEM) platform, plus logs from firewalls, IDS/IPS, proxies, servers, endpoints and other network devices, to determine risk
  • Perform information security incident response and incident handling based on risk categorization and in accordance with established procedures
  • Conduct host-based digital forensics on suspect devices
  • Assist in the administration and integration of security tools to include new data/log sources, expanding network visibility and automation
  • Manage and integrate threat intelligence received from a variety of sources into the security monitoring framework
  • Research the latest vulnerabilities, exploits and other relevant threat information and trends
  • Collaborate and interact with peers and stakeholders across the Corporate and Business Unit information technology organizations
  • Rotational, after-hours operational support (on-call)
  • Perform other duties as assigned

Qualifications:

Candidates must possess:

  • Minimum 3 years working in Security Incident Response or Digital Forensics required
  • Excellent and demonstrated written and verbal communication skills; must be able to communicate technical details clearly and concisely with peers and all levels of management
  • Capability to think and operate independently and in a team environment with minimal supervision
  • Proactive and results driven mindset
  • Strong process orientation and ability to develop and follow standard work; attention to detail
  • Organizational skills to manage multiple competing priorities and deadlines in a fast-paced working environment
  • Proven ability to troubleshoot and solve technical issues

Candidate must have technical experience in the following areas:

  • Host-based forensics using EnCase, FTK or other digital forensics tools
  • Network forensics using tcpdump, Wireshark or other packet capture tools
  • Searching, interpreting and working with data from enterprise logging systems, including syslog, NetFlow and SIEM platforms
  • Scripting languages such as Perl, Python and PowerShell
  • Malware sandboxes
  • Windows and Linux operating systems
  • Endpoint protection suites such as Symantec, McAfee, Carbon Black or Tanium
  • Systems or network architecture
  • Collection and management of threat intelligence

Must be a U.S. citizen or U.S. permanent resident and have the ability to obtain a U.S. DoD security clearance.

The following certifications are considered an advantage:

  • GIAC Certified Forensic Analyst (GCFA)
  • EnCase Certified Examiner (EnCE)
  • Certified Computer Forensics Examiner (CCFE)
  • GIAC Certified Network Forensic Analyst (GNFA)
  • GIAC Certified Incident Handler (GCIH)

Education:

Bachelor's or Master's degree in Computer Science/Engineering, Information Systems or a related field, with a minimum of 6 to 10+ years' experience.
