Computer network investigations, and diagnostics of computer networks, network analysis, network threats and risks, incident response, and database research.
Collaborate with SOC and Threat Intelligence teams to continuously improve our detection and response capabilities.
Demonstrates expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident/investigations.
Experience and proficiency with any of the following: Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
Develop and ensure capabilities of forensic tools and infrastructure are optimized.
Experience with malware analysis concepts and methods.
Familiarity or experience with Volatility, Encase Forensic Software, other analysis tools.
Familiarity with MITRE ATT&CK framework.
Knowledge of Virtualization and Cloud security.
Knowledge of Linux, UNIX, Windows (including Active Directory) and other operating systems.
Skills and experience:
6+ Years’ working experience with digital forensics investigations;
6+ Years’ Experience with computer network exploitation, construction, and diagnostics of computer networks, network analysis, network threats and risks, incident response, and database research;
Expertise in networking fundamentals (TCP/IP, Network Layers, etc.);
Automation experience is a desirable;
Experience defining and supporting complete eDiscovery processes ensuring repeatability and defensibility of collections and processes;
Advanced understanding of computer hardware and operating systems;
Experience in Security Operations;
Ability to organize and effectively present technical information to a non-technical audience, including the results of analysis or status of a project;
Basic knowledge of audit requirements (PCI, HIPPA, SOX, etc.);
Basic programming skills in various disciplines including scripting languages;
GCIA certification is preferred.