This position requires performing comprehensive IT security-related investigations and forensics; providing investigative services, assistance and consulting, and, coordinating with numerous groups which could be involved in responding to security incidents; IT misuse, abuse and fraud; and, conducting investigations into ethics & compliance issues, HR matters, and/or in support of administrative, civil and/or criminal matters, as well as conducting supplementary and follow-up investigative support; identifying, collecting, processing, analyzing and managing evidence lifecycle, conducting computer forensics, including imaging of media and hard drive analyst; performing reviews of activity logs and digital evidence, such as email, web usage, VPN, network activity, administrative access logs, and file reviews; develops, maintains, implements and/or delivers comprehensive Investigations & Forensics Team program and services; Produces, updates and/or maintains Investigations & Forensics Team policies, processes, and metrics and reporting; provides consultative input regarding the development of information security policies, standards, strategies and programs through demonstrated expertise and knowledge of industry trends and changes with respect to advanced and sophisticated cyber attacks and threats; participates in efforts, oversee work results, provide formal training and serve as a technical resource for Information Security team members in respect to IT security investigations and forensics; participates with and coordinates with other IT Security Functions and Corporate Functions; and, provides logs, reports, updates and other requested information pertaining to IT security investigations and forensics-related activities.
- Plan, coordinate and conduct IT security-related investigations and forensics involving IT systems, infrastructure and applications and/or to assist other Corporate Functions such as Legal, HR, Privacy, etc, consistent with company policies and all applicable laws and regulations, without causing negative impact to IT and business operations
- Utilize IT security investigation and forensic tools and techniques
- Develop recommendations for mitigation and remediation based on investigative findings. Produce audience-specific written reports, presentations and briefings.
- Obtain, develop and maintain investigative and forensic testing tools, scripts and documentation.
- Identifies, collects and analyzes IT security-related evidence from various sources and analyzes to establish the identity and modus operandi of suspects and malicious users active in the computing environment or posing potential threats to the computing environment. Provides guidance and assistance to peers in Cyber Defense functions, IT and/or business.
- Conducts industry research and technical evaluation of sources and vendor supplied intelligence–with specific emphasis on healthcare sector and advanced and sophisticated cyber tactics, techniques, and procedures for purposes of investigations/forensics activities
- Subject matter expert in investigations/forensics
- Performs detailed investigations and reports, research and analysis of open source information for purposes of investigations/forensics activities
- Aids in performing root cause analysis of incidents identified by third-party vendor, or internal systems and workforce. Once root cause is determined, proposes and participates in cross-departmental efforts, if required, to implement appropriate security enhancements, controls and solutions that will mitigate risk, as well as safeguard systems and data
- Prepares detailed audience-specific technical papers, presentations, recommendations, and findings
- Develops and maintains documentation regarding investigations/forensics activities and procedures
- Participates in the development of proposed design, configuration, and implementation of security incident/event monitoring and investigations/forensics architecture
- Serve as a subject matter expert for team members regarding investigations/forensics
Job Required Education/Experience
- 5 or more years of work experience in role involving IT Security Investigations/Forensics in a corporate setting
- Experienced using COTS and customizable investigations/forensics tools
- Bachelor’s degree in an IT related field or equivalent work experience
- Strong technical knowledge regarding Windows and Linux operating systems, and, secure hardening configurations; application and web application security; database security; network security
- Strong technical knowledge of security tools and controls with specific demonstrated experience associated with threat detection, mitigation, and resolution of advanced cyber attacks and/or threats
- Strong technical knowledge of security infrastructure including security firewalls, data loss prevention, encryption, and end point protection appliances
- In-depth knowledge of IT security investigations/forensics concepts, and principles and impact
- Experience working and managing security vendor performance and service level agreements
- Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
- Proven ability to work under stress in emergencies with flexibility to handle multiple high pressure situations simultaneously.
- Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
- Ability to manage tasks independently and take ownership of responsibilities
- Ability to learn from mistakes and apply constructive feedback to improve performance
- Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
- Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
- Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyber attacks
- High critical thinking skills required to evaluate complex, multi-sourced security intelligence information for purposes of investigations/forensics
- Security Certifications (e.g., CISSP)
Job Additional Education/Experience
- Background in law enforcement focused in IT investigations and forensics
- Experience with scripting and programming
- Relevant certifications, GCFA, CISSP, EnCE, CISA, GCFE, GCIH, CEH
External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.