Incident Response Forensics Examiner Job Description Template
Our company is looking for an Incident Response Forensics Examiner to join our team.
Responsibilities:
- Implementing integration/orchestration of existing and new forensic infrastructure and tools;
- Popular operating systems (Windows, Mac, Linux, Android, etc.);
- Operational understanding of reverse engineering malware;
- Perform network, disk, system files and memory forensic analysis;
- Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate;
- Log analysis;
- Custom tool design to assist in analysis and investigation. (Related experience in programming, database, system administration, etc.);
- Incident Response;
- Networking (Firewalls, IDS/IPS, packet capture);
- Perform custom analysis on (centralized) security event information to analyze incidents;
- Must understand the life cycle of an Incident and tools used to determine root cause during an incident;
- Perform as an Information Security SME in the following areas: Digital Forensics.
Requirements:
- SIEM;
- Strong and recent experience with malware analysis and reverse engineering;
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.);
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS and XML;
- Threat Intelligence Platforms;
- Strong Incident Handling experience;
- Bachelor's and/or Master's degree in Engineering, Computer Science, or a related field;
- Experience with security operations tools, including but not limited to:
- Link/relationship analysis (e.g. Maltego, IBM i2 Analyst's Notebook);
- Strong experience with popular OS architectures (e.g. Russinovich's Windows Internals, Linux kernel architecture, etc.);
- Signature development/management (e.g. Snort rules, YARA rules).