Security Digital Forensics Engineer

Cloud Security Services

Freelance / Contract
USA
security
engineer
aws
azure
devops
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.

To see similar active jobs please follow this link: Remote System Administration jobs

About the opportunity:
Cloud Security Services is seeking a Digital Forensics Engineer Consultant to support their Threat Management Team's objectives to provide forensics acquisition and analysis support across environments and support root cause analysis to improve security posture. This is a 6-month remote opportunity.
Responsibilities:

  • Collect, process, analyze, interpret, preserve, and present digital evidence.
  • Perform forensic triage of an incident to include determining scope, urgency and potential impact.
  • Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products.
  • Document forensic analysis from initial participation through resolution.
  • Document forensic workflows based on sound industry practice.
  • Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity.
  • Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
  • Develop, document and refine procedures to accomplish discovery process requirements.
  • Manage all chain of custody best practices associated with the rules of evidence.
  • Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events.

Required Skills

  • Solid understanding of the forensic lifecycle and scoping activities, evidence acquisitions on a range of devices.
  • Forensics analysis background on following platforms and technologies:
    • Cloud (AWS, Azure, Google Cloud Platform)
    • Windows/Mac/Linux OS
    • Physical and virtual network devices and platforms
  • Understanding of SaaS, PaaS, and IaaS.
  • Analyze and characterize cyber-attacks unique to cloud.
  • Skilled in identifying different classes of attacks and attack stages.
  • Understanding of system and application security threats and vulnerabilities.
  • Ability to document forensic workflows based on sound industry practice.
  • Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods.
  • Experience with performing reactive incident response functions in public cloud environments - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.
  • Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity.
  • Understanding of APIs and ability to leverage them for building integrations.
  • Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools.
  • Ability to write SQL to search data warehouse databases.
  • Familiarity with the following tools:
    • Forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and other open-source forensic tools
    • Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
    • Malware Analysis / Reversal Tools
    • Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
    • Endpoint Detection & Response (EDR)
    • Network sniffers and packet tracing tools such as DSS, Ethereal, tcpdump, Wireshark, etc.
  • 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security or related field.
  • Proficient with host-based forensics and data breach response.
  • Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments, DevSecOps experience is a value add.
  • Understand and demonstrate best practices for architecting and operating in multi cloud environments in a scalable manner.
  • Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches.
  • Experience using industry standard forensic tools
  • Experience preserving desktops, laptops, mobile devices/tablets, servers, both cloud and on-premises email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner.
  • Ability to communicate effectively and tactfully, both verbally and in writing, to team members and technical/non-technical clients.
  • Ability to demonstrate superior organizational skills with acute attention to detail.
  • Must be an energetic self-starter who can work within a team environment but also independently as the situation requires.
  • Strong troubleshooting skills coupled with the ability to solve complex problems on the fly.
  • Have experience working on incident response teams.
  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
  • Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior.
  • Understand the NIST IR framework or competing IR lifecycle frameworks.
  • Have the ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident.
  • Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
  • Have familiarity with MITRE ATT&CK and/or D3FEND frameworks.
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response.
  • Excellent analytical skills.
  • Collaborative team worker both in person and virtually using WebEx or similar.
  • Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint.
  • Ability to work as liaison between business and information security / information technology.
  • Flexibility to accommodate working across different time zones.
  • Ability to work PST work hours.
  • Excellent interpersonal communication skills with strong spoken and written English.
  • Business outcomes mindset.
  • Solid balance of strategic thinking with detailed orientation.
  • Self-starter, ability to take initiative.
  • Project management and organizational skills with attention to detail.

Preferred Skills

  • Relevant industry security certifications such as CISSP, SANS GIAC (e.g. EnCE, GCIH, GNFA, GCFE, GCFA, GREM or additional tool-based certifications), AWS certifications (SAA, SAP, or SCS), etc.
  • Familiarity with other security verticals such as: Incident Response, Threat Intelligence, Threat Detection, Application Security, Cloud Security, Offensive Security.
  • Networking experience with LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP) routing protocols and technologies.
  • Knowledge of detection tools, for example: Nessus, Qualys, OSSEC, Osquery, Suricata, Threatstack, AWS GuardDuty.
  • Demonstrate how to execute common web application attacks like SQL Injection, XSS, CSRF.
  • Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures.

Required Education

  • Bachelor's degree (BA/BS) in Computer Science from four-year college or university; or equivalent training, education, and work experience. Cybersecurity certifications such as CISSP, CISM, etc.

Preferred Education

  • Cybersecurity certifications such as CISSP, CISM, etc.

Posted 10 months ago