Senior Forensics And Investigations Specialist

Description:

We have a client in the Financial Services sector looking for a Senior CSIRT Forensics and Investigations Specialist to join their team. In this role you will perform deep dives on complex events, providing point of entry, data exfiltration, and root cause analysis, or process breakdown on these events and their impact on the company. You will actively hunt for malware in active investigations. You will provide updates to relevant company partners and remediation strategies for immediate containment or to mitigate future attacks.

Responsibilities:

• Support and partner with information security investigations and Incident Response teams during active incidents. Participate in bridges and war rooms.

• Owning, defining, and building the end-to-end information security incident response capability within the organization.

• Prepare strategic updates and vision documents, briefings, and reports, and demonstrates excellent communication skills and executive presence in presentations to executives and other stakeholders.

• Provide executive level updates, written and verbally, on current and past cyber incidents. Explain complex technical concepts in business terms.

• Build and maintain metrics and playbooks for the team.

• Proposing and implementing new strategies for non-standard activities.

• Support the client's model for investigations and forensics across multiple regions globally.

• Oversee the monitoring, identification, and resolution of security incidents to detect threats through analysis, investigations and prioritization of incidents based on risk/exposure.

• Reviewing investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

• Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the company in the improvement and maintenance of a robust response to new threats and attack vectors.

• Interacting with different teams to create interaction model for better alignment and coordination for security incident.

• Providing recommendations for process improvements which team can benefit.

• Act as a delegate for the team by contributing in new project's Software development lifecycle.

• Produce KPIs, SLA's and other metrics for the team.

• Act as an owner during incident calls and provide technical expertise.

• Produce presentations and documentation which can be consumed by the management

Experience:

• 7+ years of relevant experience - including incident response, malware analysis, TIER2/3 SOC.

• Experience as a leader or manager, and people-focused view on how to accomplish goals and outcomes and track record of driving successful outcome

• Experience working with EDR tools is required.

• Solid understanding of SIEM-based detection use-cases and SIEM solution such as Splunk, Azure Sentinel is required.

• Experience conducting log analysis of Windows Event Logs, Apache, IIS, firewall and WAF logs is required.

• EnCe certification and/or experience with EnCase is a strong plus.

• Experience in scripting (Python, PS) is a strong plus.

• Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure is preferred.

• Computer Science degree is preferred.

• GCFA, GCIH or equivalent is preferred.

• Knowledge of: FTK, Axiom, and malware analysis tools is preferred.

• CISSP or equivalent is a plus.

• Prior experience working in the Financial Services sector is a plus.

• Excellent communication and organizational skills, including the ability to present options in business terms to both IT and business staff including executives.