Key Roles and Responsibilities:
Responsibilities:
Lead large-scale incident response and threat hunting investigations that require log, forensic and malware analysis.
Provide direct litigation support efforts by acquiring, analyzing, searching and producing electronic evidence for client legal counsel as well as serving as an expert witness as needed.
Perform full, partial, live or dead box acquisition in a forensically sound manner following evidence preservation and chain of custody procedures.
Conduct forensic data analysis from various electronic sources, including desktop computers, laptops, servers, and mobile devices.
Coordinate efforts with client incident response teams, management, and client third-party vendors as well as NTT internal teams.
Prepare written communications and reports for delivery to clients. Work with clients to assess their current incident response policies and capabilities and provide written and verbal feedback for improvement.
Develop and perform tabletop exercises with client incident response team to evaluate their capability to activate and follow their response plans and provide written and verbal feedback for improvement.
Develop and perform tabletop exercises with client C-level executives to assist them in formulating adequate response strategies and prepare them for some of the decisions that will need to be made at that level.
Develop curriculum and conduct training courses in network and application security, malware analysis and incident response for client consumption as well as internal team development.
Be a mentor and support the technical development of consultants in DFIR.
Experience, Skills, and Qualifications:
B.S. in Information Technology, Information Security or a related technical discipline and 5+ years in digital forensics, malware analysis and incident response.
Experience in performing forensic analysis from Linux, Windows and Mac operating systems as well as various mobile platforms.
Practical, hands-on experience and a good understanding of several common security tools, such as SIEM, IDS, DLP and WAF, as well as host and network forensics tools.
Proven ability to address advanced threats targeting large enterprises, such as APTs, and be well versed in the tools, tactics, and procedures used by such actors.
At least one of the following is required: CISSP, GCIH, GCFA, CFCE, EnCE, CREST or other industry-standard certifications.
Ability to work well independently as well as in a remote team environment.