Incident Response Forensics Examiner Job Description

Incident Response Forensics Examiner Job Description Template

Our company is looking for an Incident Response Forensics Examiner to join our team.

Responsibilities:

  • Implementing integration/orchestration of existing and new forensic infrastructure and tools;
  • Working knowledge of popular operating systems (Windows, Mac, Linux, Android, etc.);
  • Operational understanding of reverse engineering malware;
  • Perform network, disk, system files and memory forensic analysis;
  • Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate;
  • Log analysis;
  • Custom tool design to assist in analysis and investigation (related experience in programming, databases, system administration, etc.);
  • Incident Response;
  • Networking (Firewalls, IDS/IPS, packet capture);
  • Perform custom analysis on (centralized) security event information to analyze incidents;
  • Must understand the life cycle of an Incident and tools used to determine root cause during an incident;
  • Perform as an Information Security SME in the following areas: Digital Forensics.

Requirements:

  • SIEM;
  • Strong and recent experience with malware analysis and reverse engineering;
  • Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.);
  • Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, etc.;
  • Threat Intelligence Platforms;
  • Strong Incident Handling experience;
  • Bachelor's and/or Master's degree in Engineering, Computer Science, or a related field;
  • Experience with security operations tools, including but not limited to the following:
  • Link/relationship analysis (e.g. Maltego, IBM i2 Analyst Notebook);
  • Strong experience with popular OS architectures (e.g. Russinovich's Windows Internals, Linux kernel architecture, etc.);
  • Signature development/management (e.g. Snort rules, Yara rules).