Role and Responsibilities
Work as a DFIR consultant in DTS Solution supporting our 800-HACKED program
Work as a consultant for many Incident Retainer Program
Cyber breach investigations including forensic and malware analysis. Identifies network computer intrusion evidence and perpetrators.
Strong understanding on threat hunting methodologies.
Strong experience in post-compromise assessment.
Ability to perform detailed forensics investigations;
Knowledge on DFIR tools – Autopsy, Encase, Access Data, FTK+, IDA etc.
Examines and performs comprehensive technical analysis of computer-related evidence and information stored on a device(s) during the conduct of an investigation or litigation.
Proactively advise teams/hunt for and research potential malicious activity and incidents across multiple platforms using advanced threat network and host-based tools.
Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, can integrate these tools with one another to provide data enrichment.
Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
Provide resolution plans for system and network issues.
Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and assist in the automation of the processes.
Provides oral and written communication to staff personnel concerning findings of fact, results of examination(s), and legal declarations, and testify in court as to the procedures and methodology used to recover and identify relevant evidence.
Ability to write Incident Response Reports in accordance to international standards.
Qualifications
6+ years of experience of network/security and analyzing digital evidence and investigate computer security incidents
Expert knowledge on DFIR tools such as Access Data, IDA Pro, FTK+, Encase
Expert knowledge on threat hunting tools – commercial and open source
Familiarity with network tools such as Wireshark, tcpdump, libpcap.
Certifications
GCIA, GCIH, or CISSP Certifications
SANS Certified Forensic Examiner (GCFE)
Forensic/ Incident Response Professional
Industry Certification on Digital Forensics Tool
Send CV
If you meet the job requirements, please send your CV to
hr@dts-solution.com