Position Summary: The Information Security Forensics Engineer II is a member of the Information Security operations team that is responsible for performing forensic examinations and litigation discovery (eDiscovery). The candidate will employ a variety of forensic and data management tools to search, locate, copy, analyze, produce and report on Electronically Stored Information (ESI). The candidate will be able to work closely with other groups/departments such as Legal for eDiscovery, Cybersecurity Incident Response Team (CIRT) for Incident Response forensics, and Corporate Compliance for Investigations.
In addition to being a very effective communicator the candidate should have excellent analytical and problem solving skills related to host-based forensics, investigation techniques, network forensics, operating systems, applications/programming and mobile platforms.
- The candidate’s primary responsibilities will be performing collections of ESI in support of litigation using CenturyLink’s established forensic tools and techniques. The candidate will learn how to prepare the data for production and importing & managing in a review platform.
- The candidate would also work to support Compliance investigations by collecting, analyzing & producing forensic data including report writing, again using CenturyLink’s established processes and forensic tools and techniques.
- Candidates duties can expand into incident response forensics in support of the CenturyLink CIRT Team in the investigation of cyber attacks/events, internal bad actors, possible data breaches, etc.
- Assist in managing the process to electronically preserve hard drives for legal hold
As the candidate becomes proficient in basic areas here is a list of additional tasks a candidate may be expected to perform:
- Maintain a knowledge of forensic and anti-forensic techniques, modern hacker tools, methodology, and attack trends, when necessary conducting research to find, learn and deploy new forensic tools and techniques.
- Maintain forensic examination report documentation, participate in post-mortems, and write incident reports.
- Set up and maintain computers including application installs and troubleshooting over a variety of OS’es, most commonly Windows, Windows Server, Linux & Mac OS
- Maintain forensic lab systems, knowledgebase, indexes and databases.
- Perform forensic data collection and analysis on mobile devices (iOS, Android)
- Log and Track assets and data to maintain chain-of-custody for investigations and litigation.
- Undergraduate degree in computer science, engineering, or related field, or (preferred) 2+ years of relevant work experience.
- Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team oriented environment.
- Quick learner who can also share knowledge for the benefit of the team.
- Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
- Ability to learn, understand and employ techniques for analyzing complex data.
- Analytic and problem-solving skills related to computers, mobile devices, networking, operating systems and security practices.
- Basic knowledge of computer forensic investigations, litigation discovery (eDiscovery) & incident response
- Basic knowledge of computer networking and network analysis tools like Wireshark and PCAP analysis.
- Willingness to pursue, applicable professional/technical certifications, such as CISSP, EnCE, GIAC (SANS).
- Broad technical knowledge of current and emerging technologies
- 5+ years of work experience in computer security, computer and mobile device forensics, incident response, network analysis, log analysis, malware analysis or eDiscovery
- Thorough understanding of eDiscovery standards, concepts and procedures with an added plus if familiar with EDRM (Electronic Discovery Reference Model), FRCP (Federal Rules of Civil Procedure), legal hold preservation, and data spoliation
- Experience using forensic tools not limited to but including EnCase, Access Data FTK and other, open source forensic tools such as (but not limited to) The Coroner’s Toolkit (TCT), SANS SIFT Workstation, Remnux, Mandiant’s Redline/Memoryze, Volatility, Regripper, etc.
- Experience working with various operating systems including Windows, Mac, Linux, IOS and Android, with system administration experience a plus
- Experience with Encryption Technologies including Credant, Bitlocker, Pointsec, FileVault 2 and LUKS.
- Experience with memory acquisition and analysis
- Certifications: CISSP, EnCE,, SANS GIAC or related
- Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java.
- Knowledge of HIPAA, SOX, PCI and other privacy and data handling regulations
- Experience in or knowledge of Legacy and VoIP Telecommunications technologies.
- Experience in large enterprise or carrier data centers and/or networks.