Security Digital Forensics Engineer

Cloud Security Services USA

Company

Cloud Security Services

Location

USA

Type

Full Time

Job Description

About the opportunity:
Cloud Security Services is seeking a Digital Forensics Engineer Consultant to support their Threat Management Team's objectives: providing forensic acquisition and analysis support across environments, and supporting root cause analysis to improve security posture. This is a 6-month remote opportunity.
Responsibilities:

  • Collect, process, analyze, interpret, preserve, and present digital evidence.
  • Perform forensic triage of an incident, including determining scope, urgency, and potential impact.
  • Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products.
  • Document forensic analysis from initial participation through resolution.
  • Document forensic workflows based on sound industry practice.
  • Investigate data breaches, leveraging traditional forensic tools and cloud-specific tools, to determine the source of compromises and malicious activity.
  • Support incident response engagements: perform forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.
  • Develop, document, and refine procedures to accomplish discovery process requirements.
  • Manage chain-of-custody practices in accordance with the rules of evidence.
  • Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events.

Required Skills

  • Solid understanding of the forensic lifecycle, scoping activities, and evidence acquisition on a range of devices.
  • Forensic analysis background on the following platforms and technologies:
    • Cloud (AWS, Azure, Google Cloud Platform)
    • Windows/Mac/Linux OS
    • Physical and virtual network devices and platforms
  • Understanding of SaaS, PaaS, and IaaS.
  • Ability to analyze and characterize cyber-attacks unique to cloud environments.
  • Skilled in identifying different classes of attacks and attack stages.
  • Understanding of system and application security threats and vulnerabilities.
  • Ability to document forensic workflows based on sound industry practice.
  • Understanding of proactive analysis of systems and networks, including establishing trust levels and understanding cloud authentication methods.
  • Experience performing reactive incident response functions in public cloud environments (Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.).
  • Experience examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity.
  • Understanding of APIs and ability to leverage them for building integrations.
  • Ability to write custom query logic for major Security Information and Event Management (SIEM) tools.
  • Ability to write SQL to search data warehouse databases.
  • Familiarity with the following tools:
    • Forensic platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and other open-source forensic tools
    • Security Information and Event Management (SIEM) and Security Orchestration, Automation & Response (SOAR)
    • Malware Analysis / Reversal Tools
    • Network and Host Intrusion Detection (IDS) such as Snort/Sourcefire, Palo Alto, etc.
    • Endpoint Detection & Response (EDR)
    • Network sniffers and packet tracing tools such as DSS, Ethereal, tcpdump, Wireshark, etc.
  • 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related field.
  • Proficient with host-based forensics and data breach response.
  • Hands-on experience architecting, building, operating, investigating, and troubleshooting large and complex cloud environments; DevSecOps experience is a plus.
  • Understand and demonstrate best practices for architecting and operating in multi-cloud environments in a scalable manner.
  • Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches.
  • Experience using industry-standard forensic tools.
  • Experience preserving desktops, laptops, mobile devices/tablets, servers (both cloud and on-premises), email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner.
  • Ability to communicate effectively and tactfully, both verbally and in writing, with team members and technical/non-technical clients.
  • Ability to demonstrate superior organizational skills with acute attention to detail.
  • Must be an energetic self-starter who can work within a team environment but also independently as the situation requires.
  • Strong troubleshooting skills, coupled with the ability to solve complex problems on the fly.
  • Have experience working on incident response teams.
  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
  • Have experience leading threat hunts using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior.
  • Understand the NIST IR framework or competing IR lifecycle frameworks.
  • Have the ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident.
  • Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
  • Have familiarity with MITRE ATT&CK and/or D3FEND frameworks.
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response.
  • Excellent analytical skills.
  • Collaborative team worker both in person and virtually using WebEx or similar.
  • Excellent documentation skills; demonstrated proficiency in Microsoft Office, including Word, Excel, and PowerPoint.
  • Ability to work as liaison between business and information security / information technology.
  • Flexibility to accommodate working across different time zones.
  • Ability to work PST work hours.
  • Excellent interpersonal communication skills with strong spoken and written English.
  • Business outcomes mindset.
  • Solid balance of strategic thinking with detailed orientation.
  • Self-starter ability to take initiative.
  • Project management and organizational skills with attention to detail.

Preferred Skills

  • Relevant industry security certifications such as CISSP; SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM); EnCE or other tool-based certifications; AWS certifications (SAA, SAP, or SCS); etc.
  • Familiarity with other security verticals such as: Incident Response, Threat Intelligence, Threat Detection, Application Security, Cloud Security, Offensive Security.
  • Networking experience with LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP) routing protocols and technologies.
  • Knowledge of detection tools, for example: Nessus, Qualys, OSSEC, osquery, Suricata, Threat Stack, AWS GuardDuty.
  • Ability to demonstrate how to execute common web application attacks such as SQL injection, XSS, and CSRF.
  • Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures.

Required Education

  • Bachelor's degree (BA/BS) in Computer Science from a four-year college or university; or equivalent training, education, and work experience. Cybersecurity certifications such as CISSP, CISM, etc.

Preferred Education

  • Cybersecurity certifications such as CISSP, CISM, etc.
Date Posted

08/20/2024