Digital Forensics and Incident Response Analyst

Responsibilities:
- Perform incident response to cybersecurity incidents, including but not limited to APT & Nation State attacks, Ransomware infections and Malware outbreaks, Insider Threats, BEC, DDOS, Security and Data breach, etc.
- Conduct in-depth investigations of cybersecurity incidents, identifying the root cause, the extent of the impact, and recommended actions for containment, eradication, and recovery, and providing a final report that contains recommendations on how to prevent the same attack in the future by strengthening security posture.
- Collaborate with cross-functional teams to gather information, coordinate incident response efforts, and communicate findings to relevant stakeholders, including management and legal teams.
- Perform digital forensics examinations on various digital devices (workstations, servers, mobile devices, etc.) to collect, analyze, and preserve evidence related to security incidents or policy violations.
- Develop/Update incident response plan, playbooks, process, and process documentation to ensure standardized incident response procedures.
- Participate in threat hunting activities, proactively seeking out and identifying potential security threats and weaknesses.
- Assist in implementing and fine-tuning security tools and technologies to enhance threat detection and incident response capabilities.
- Conduct training sessions and workshops to educate employees on cybersecurity best practices and incident response procedures
- At least 6 years relevant experience required
- Strong Incident Response Knowledge: Well-versed in incident response life cycle. Capable of conducting thorough investigations, analyzing collected data, and determining the scope, impact, and root cause of security incidents. Skilled at collaborating with incident response teams to provide timely remediation recommendations.
- Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework, including its various tactics, techniques, and procedures (TTPs). Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls.
- Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems (on-prem and cloud) and network infrastructures. Skilled at analyzing digital evidence, performing memory, disk, and network forensics, and extracting relevant artifacts to understand the nature of security incidents.
- Strong Understanding of Networking, Operating Systems, and Security Fundamentals: Possess a solid foundation in networking protocols, operating systems (Windows and Linux), and core security concepts. Understand how different components interact within an IT environment and their potential security implications.
- Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques. Able to analyze malware samples to understand their functionalities, persistence mechanisms, and potential impact on systems.
- Knowledge of Various Security Technologies: Well-versed in different security technologies such as SIEM (Security Information and Event Management), endpoint security solutions, network security devices, and email security systems.
- Familiar with their functionalities, deployment, and monitoring practices.
- Knowledge of Various Forensics Tools: Well-versed in different enterprise and open-source forensics tools such as FTK, Autopsy, Volatility, - - Eric Zimmerman's Tools, EnCase, Magnet Axiom, SIFT, REMnux, etc.
- Being knowledgeable in Mobile Forensics (Android and iOS) is a plus
- Being knowledgeable in Mobile Application analysis (Android and iOS) is a plus
- Being knowledgeable in Threat Intelligence Lifecycle and types of Threat Intelligence (Operational, Tactical, Strategic) is a plus
- Being knowledgeable in Threat Hunting methodologies and types of Threat Hunting (Threat Intelligence-driven, Security Incident Driven, - - - Hypothesis Driven, Compromise Assessment) is a plus
- Being knowledgeable in scripting languages (Python, PowerShell, etc.) to automate analysis is a plus
- Certification is a Plus: Possess relevant certifications in the field of cybersecurity, such as SANS GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCFE (GIAC Certified Forensic Examiner) or other industry-recognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.