April 3, 2026
Electric Energy Jobs

Senior DFIR Analyst

Organization:
National Grid
Region:
United States, Massachusetts, Northborough
End of contest:
March 2, 2021
  This job posting has expired
Type:
Full time
Category:
Analyst
Description
Job Purpose

The Senior DFIR Analyst will provide expert advice and guidance on all matters concerning digital forensics and incident response. This role will provide a professional service covering data preservation, collection, processing and extraction, production and review, as well as reporting and expert opinion, in support of National Grid Cyber Security Operations Centre (CSOC) incident response and of Legal, Business Conduct, and Labor Relations (HR) IT investigations.

The Senior DFIR Analyst will be a subject matter expert in both e-Discovery and cyber security incident response investigations and will have sound knowledge in applying a wide array of cyber security and core DFIR tools. The primary role of the Senior DFIR Analyst is to provide a complete response to all DFIR tasks, applying the Electronic Discovery Reference Model (EDRM) in the case of e-Discovery and applying skills, knowledge and experience to the CSOC across all phases of the incident response lifecycle.

Key Accountabilities

    Highly self-motivated requiring little onsite management guidance outside of the acclimation/orientation period
    Provide a complete response to all DFIR tasks
    Proactively provide technical mentoring to help others on the team, especially those who are junior Forensic and CSOC staff, in support of a sharing, positive, and inclusive environment with a view to enhancing the cyber response & investigation capabilities of the organization
    Provide technical advice and guidance to the organization, including expert opinion on matters concerning e-discovery and post incident investigation.
    Effectively engage organizational stakeholders across Security, Corporate Security & Legal to continuously improve investigation & response services
    Develop and leverage advanced toolset to increase investigation & response capabilities.
    Creation of professional looking business level process/procedure documentation and forensic reports
    3+ years' work experience within CSOC incident response and e-Discovery litigation.
    Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
    Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
    Knowledge of data science and interpretation of digital evidence.
    Knowledge of criminal legislation impacting digital evidence.
    Knowledge of data protection legislation and the rules governing personally identifiable information (PII).
    Experience of report writing and providing expert witness testimony.
    Ability to deconstruct and interpret program code, such as .NET Framework, PowerShell, JavaScript and Python.
    Experience of malware reverse engineering
    Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, and load balancing.
    3+ years of experience with the forensic analysis of Windows, Macintosh, and Linux operating systems as well as mobile platforms such as iOS and Android
    Advanced user of forensic applications: EnCase Endpoint Security, Nuix, Magnet Internet Evidence Finder, Linux forensic boot disks such as SIFT, DEFT and Helix, mobile device data capture and analysis tools such as MSAB Complete and Cellebrite 4PC, and memory forensic capture and analysis tools such as Redline and Volatility.
    Competent user of Endpoint Detection & Response (EDR) tools, Intrusion Detection & Prevention (IDP) systems, Security Information & Event Management (SIEM) platforms, network analysis tools such as Wireshark, and malware reverse engineering sandboxes such as Cuckoo, FLARE and REMnux.

Qualifications

Technical qualifications should include but are not limited to:

  • Degree in a computer related discipline
  • EnCE and/or IACIS CFCE or equivalent
  • At least one of the following SANS/GIAC certifications or equivalent: Certified Forensic Analyst (GCFA), Certified Forensic Examiner (GCFE), Reverse Engineering Malware (GREM), Network Forensic Analyst (GNFA), Cyber Threat Intelligence (GCTI) or Advanced Smartphone Forensics (GASF)


Contact

National Grid

40 Sylvan Rd

Waltham

Massachusetts United States

www.nationalgridus.com
