Job Description:
- Perform selection, acquisition and preservation of forensic artifacts.
- Conduct forensic analysis of digital evidence of interest.
- Conduct incident root cause analysis.
- Write a technical report that details all activities taken during digital forensics and/or incident handling, the findings of the forensic analysis conducted, the root cause of the incident, and recommendations to prevent similar incidents from happening again.
- Write a summary report for senior management.
Requirements:
- A minimum of 3 years of experience in Digital Forensics and Incident Response related activities (computer forensics, mobile forensics, etc.).
- Completion of relevant formal or informal training in Digital Forensics and Incident Response.
- Certifications (product related, or vendor-neutral) will be an advantage.
- Knowledge and experience in cyber law/criminal investigation will be an advantage.
- Good knowledge of security features and forensic artifacts of workstation/server/mobile operating systems.
- Good knowledge of general networking and security concepts.
- Knowledge of the Incident Response (IR) cycle.
- Knowledge of the Cyber Kill Chain, TTPs, threat actor groups and IOCs.
- Experience in conducting disk and memory image acquisition, and analysis of specific OS and application artifacts using open source and/or commercial tools.
- Experience in conducting log analysis.
- Experience in one or more scripting or programming languages (examples: Bash, PowerShell, Python, etc.).
- Solid analytical and investigative skills, attention to detail.
- Ability to communicate technical concepts to both technical and non-technical clients.
- Ability to prioritize tasks according to the business’ needs and schedule.
- Ability to work independently with minimal supervision.