As a Forensics Manager, the candidate should apply both traditional and unconventional methods to detect, analyze, and mitigate potential intrusions and other security incidents. Candidates must demonstrate strong problem-solving skills, have experience with a variety of toolsets and best practices, be able to think critically, and allow for flexible scheduling.
Roles & Responsibilities:
· Significant knowledge of incident response processes.
· Significant knowledge of forensic tools and procedures.
· Strong ability to analyze information and data.
· Excellent problem-solving and conceptual thinking abilities, especially with technical troubleshooting.
· Strong communication skills with the ability to develop and maintain productive working relationships across multiple lines of business.
· Ability to manage multiple simultaneous responsibilities.
· Maintain team tools to support incident response and forensic procedures.
· Perform real-time computer security Incident Handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRT).
· Perform computer security incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation.
· Research and recommend forensic tools that improve productivity and accuracy of investigations.
· Provide highly technical examination, analysis, and reporting of computer-based evidence, including collecting and analyzing intrusion artifacts (e.g., source code, malware, and Trojans), and use the discovered data to enable mitigation of potential computer security incidents within the enterprise.
· Effective and professionally secure handling and collection of digital evidence.
· Serve as technical expert and liaison to other internal investigative and legal groups by providing hands-on support in reviewing forensic analysis, reports, and data, and collaborate with other local, national, and international incident response teams as needed.
· Perform analysis of logs from a variety of sources within the enterprise, to include individual host logs, network traffic logs, firewall logs, and intrusion detection system logs.
· Track and document incidents from initial detection through final resolution including documenting requests and activities in case management system (experience with using Resilient a plus).
· Coordinate with and provide expert technical support to resolve computer security incidents, working with other information security specialists to correlate threat assessment data as needed.
· Document new and update current program procedures, providing guidance and reports on incident findings to appropriate constituencies.
· Familiarity with laws and regulations regarding security breach response procedures.
· Bachelor’s Degree in a technical discipline with a minimum of 8 years of related technical experience is required for a level 3 role. An additional 2 years of experience may be substituted in lieu of a degree.
· At least 5 years of experience in incident response and digital forensics.
· Certification in CISSP or SANS GIAC or CFCE or CEH or CISA/CISM or CCSP, or CCNA/CCNP Security.
· 2 years of experience with SIEM, or 1 year of experience with SIEM products, or 1 year of experience with Splunk.
- SIEM: 2 years
- CISSP or SANS GIAC or CFCE or CEH or CISA/CISM or CCSP: 1 year
- incident response: 5 years
- IRM – Forensics Manager: 5 years