Senior Digital Forensics and Incident Response Consultant

Telescope Recruitment • Plano, TX, US • $150k - $170k / year • 1m ago

Our employer, a leading Cybersecurity company, is seeking a Senior Digital Forensics and Incident Response Consultant (Hybrid - Plano, Texas, United States).

Our client is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, they consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Their team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.

This role is remote but requires the ability to travel on short notice to a client site up to 25%. Must maintain flexibility to travel frequently within 24-48 hours' notice for deployments typically 1-2 weeks in duration.
Weekly working hours: might work 50 hours (Extra time will be paid at time and a half)

The compensation package is as follows:

Competitive Base (150-170k USD)
10% Annual Bonus
3 weeks of Paid Vacation
3 paid wellness days per year
Monthly cell/internet reimbursement
Opportunity to earn time in lieu or an extra variable performance bonus (when working after hours/weekends, etc)
Fast-growing company, amazing team, great culture.

Core Responsibilities:

Engage in incident response tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
Assist with Windows forensics and triage to assess compromise and investigations.
Familiarity with malware analysis tools and methodologies.
Apply mitigation strategies and concepts to remediate identified threats.
Analyze triage collections/artifacts for indicators of compromise (IOCs) and potentially malicious activity.
Review logs from host systems and appliances to identify suspicious activities.
Collect forensic disk and memory images from physical and virtual endpoints and servers.
Understanding of an incident lifecycle and cyber-kill-chain.
Correlate events and build timelines of events.
Maintain current knowledge on emerging threats and vulnerabilities.
Analyze files for IOCs using various techniques.

Technical Requirements:

8+ years of experience in digital forensics, incident response, or a similar role.
Knowledge of Windows and Unix/Linux operating systems.
Understanding of the functionality of EDR / EPP technologies.
Familiarity with forensic acquisition and analysis of physical and virtual systems.
Working knowledge of storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS.
Ability to analyze and interpret logs from various sources.
Ability to perform threat research and analyze current threats.
Understanding of business email compromise (BEC) cases and investigation techniques.
Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.

Business Responsibilities:

Maintain current knowledge of information security, incident response techniques, emerging threats, and tools.
Work independently and produce high-quality deliverables with minimal supervision.
Exhibit strong customer service and consulting skills.
Adhere to client and internal policies, procedures, and security practices.
Maintain detailed notes and draft updates and reports as required.
Remain calm, composed, and articulate in tough customer situations.
Exhibit excellent relationship management and communication skills.

Preferred Skills:

Understand obfuscation techniques used to conceal malicious commands and traffic, and lateral movement strategies employed by threat actors.
Familiarity with exfiltration techniques used by threat actors.
Knowledge of SIEM and SOAR solutions.
Experience with e-discovery tools and methodologies.
Proficiency in collecting and analyzing data from mobile devices/cell phones.
Industry certifications such as MCFE, ENCE, ACE, GCFA, GCIH, GNFA, GCFE or similar are a plus.