Incident Response/Forensic Analyst

Incident Response/Forensic Analyst (Security Engineer)

Ecolab is currently seeking an Incident Response/Forensic Analyst to join our IT Security group in either Eagan, Minnesota or Naperville, Illinois. The Incident Response/Forensic Analyst will be responsible for investigation and analysis of Cyber Security Threats. The Incident Response/Forensic Analyst conducts advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, and other incidents. This role works with the Security Operation Center in rapidly responding to cyber incidents while working in a multiple-team environment. This position also works with IT and other business departments to identify root cause and develop corrective and preventive measures. Additionally, this position works with the Incident Response Lead to improve the security stance and incident response capabilities of the organization.

Main Responsibilities:

  • Participate in the Information Security Incident Response process
  • Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, etc.
  • Participate in threat hunting activities to proactively search for threats in the enterprise environment
  • Employ best practices and forensically sound principles such as evidence handling and chain of custody
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • Assist in identifying and remediating gaps as identified throughout the investigation
  • Review log-based data, both in raw form and utilizing SIEM or aggregation tools
  • Prepare reports by collecting, analyzing, and summarizing trends
  • Establish timelines and patterns of activity based on multiple data sources
  • Manage effective liaison relationships with other IT groups, vendors, and business departments
  • Research and maintain a deep understanding of current and emerging technologies and Cyber Security solutions
  • Maintain technical knowledge within areas of expertise via formal training and self-education

Basic Qualifications:

  • 1+ years of Cyber Security experience
  • Experience working with information security incident handling and investigation procedures
  • Experience with conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation and related incident investigations

Preferred Qualifications:

  • Technical skills proficiency in the following areas: security information event management, network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection)
  • Excellent teamwork skills and the ability to successfully interface with other organizational groups
  • Excellent oral and written communication and presentation skills
  • A passion for research, and uncovering the unknown about cyber security threats and threat actors
  • Certifications: CISSP, CEH, CCFP, SANS certification(s)
  • Prior experience as a temp/contractor with Ecolab

A trusted partner at more than one million customer locations, Ecolab (ECL) is the global leader in water, hygiene and energy technologies and services that protect people and vital resources. With 2016 sales of $13 billion and 48,000 associates, Ecolab delivers comprehensive solutions and on-site service to promote safe food, maintain clean environments, optimize water and energy use and improve operational efficiencies for customers in the food, healthcare, energy, hospitality and industrial markets in more than 170 countries around the world. For more Ecolab news and information, visit www.ecolab.com

Source: http://jobs.ecolab.com/job/7490775/incident-responseforensic-analyst-eagan-mn/?Codes=FDLY_IND_PPC