Digital Forensics and Incident Response Consultant
  • Dubai, United Arab Emirates
  • DTS Solution
Posted 1 year ago
31.12.2023
Investigate
Digital Forensics
Job Description

Role and Responsibilities

Work as a DFIR consultant at DTS Solution supporting our 800-HACKED program.
Work as a consultant for multiple Incident Retainer Programs.
Conduct cyber breach investigations, including forensic and malware analysis; identify network and computer intrusion evidence and perpetrators.
Strong understanding of threat hunting methodologies.
Strong experience in post-compromise assessment.
Ability to perform detailed forensic investigations.
Knowledge of DFIR tools (Autopsy, EnCase, Access Data, FTK+, IDA, etc.).
Examine and perform comprehensive technical analysis of computer-related evidence and information stored on devices during the conduct of an investigation or litigation.
Proactively advise teams, hunt for, and research potential malicious activity and incidents across multiple platforms using advanced network- and host-based threat tools.
Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, and integrate these tools with one another to provide data enrichment.
Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
Ensure chain-of-custody and control procedures are followed; document procedures and findings in a manner suitable for courtroom presentation and prepare comprehensive written notes and reports.
Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
Provide resolution plans for system and network issues.
Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment, and assist in the automation of these processes.
Provide oral and written communication to staff personnel concerning findings of fact, results of examinations, and legal declarations, and testify in court as to the procedures and methodology used to recover and identify relevant evidence.
Ability to write Incident Response Reports in accordance with international standards.

Qualifications

6+ years of experience in network/security, analyzing digital evidence, and investigating computer security incidents.
Expert knowledge of DFIR tools such as Access Data, IDA Pro, FTK+, and EnCase.
Expert knowledge of threat hunting tools, both commercial and open source.
Familiarity with network tools such as Wireshark, tcpdump, and libpcap.

Certifications

GCIA, GCIH, or CISSP Certifications
SANS Certified Forensic Examiner (GCFE)
Forensic/Incident Response Professional
Industry Certification on Digital Forensics Tool

Send CV
If you meet the job requirements, please send your CV to
hr@dts-solution.com


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0017   Knowledge of concepts and practices of processing digital forensic data.
  • K0122   Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
  • K0133   Knowledge of types of digital forensics data and how to recognize them.
  • K0134   Knowledge of deployable forensics.
  • K0167   Knowledge of system administration, network, and operating system hardening techniques.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0185   Knowledge of forensics lab design configuration and support applications (e.g., VMware, Wireshark).
  • K0255   Knowledge of network architecture concepts including topology, protocols, and components.
  • K0304   Knowledge of concepts and practices of processing digital forensic data.

Required Skills
  • S0032   Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
  • S0065   Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
  • S0069   Skill in setting up a forensic workstation.
  • S0071   Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
  • S0075   Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
  • S0087   Skill in deep analysis of captured malicious code (e.g., malware forensics).

Required Abilities
  • A0043  Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments.