Digital Forensics Incident Response Engineer

Request Technology - Anthony Honquest


Prestigious Organization is seeking an experienced DFIR candidate to perform intelligence-driven network defense supporting the Security Operations Center capabilities (Threat Intelligence, Threat Hunting, and Incident Monitoring/Response/Handling, et al.). The role involves forensic analysis of online and offline (dead-box) hosts and of network logs associated with information security incidents discovered by the Threat Hunting and Monitoring capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, SIEM, several threat intelligence tools, etc., so that the role can contribute a near-complete technical understanding of information security incidents. The candidate will perform the functions of a digital forensics examiner and collaborate with other teams on-site in the Security Operations Center.

This position can be located in: Irving, TX, Charlotte, NC, Hudson, OH, or Northbrook, IL

Job Description

Primary Responsibilities:
Identify key data points regarding information security incidents, such as root cause (vulnerability, delivery, and exploitation), attack methods and techniques, malware infection and persistence methods, etc.
Engage with Threat Intel/Hunting to learn and contribute to threat profiles and indicators of attack/compromise.
Enhance the workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
Assist Threat Intel/Hunting in identifying and profiling threat actors and TTPs.
Reverse engineer malware.
Perform disk and memory analysis.
Design custom tools to assist in analysis and investigation (related experience in programming, databases, system administration, etc.).
Implement integration/orchestration of existing and new forensic infrastructure and tools.
Perform custom analysis on (centralized) security event information to analyze incidents.
Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate.

Perform as an Information Security SME in the following areas:
o Digital Forensics
o Incident Response
o Log analysis
o Popular operating systems (Windows, Mac, Linux, Android, etc.)
o Networking (Firewalls, IDS/IPS, packet capture)
o and others.
Provide mentorship and support to teammates and colleagues with regard to incident analysis.

Job Qualifications

Bachelor's and/or Master's Degree in Engineering, Computer Science, or a related field
5+ years of overall technical experience in DFIR, threat intelligence, incident response, security operations, or a related technical information security field.
Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
Strong and recent experience with malware analysis and reverse engineering.
Strong experience with popular OS architectures (e.g., Russinovich's Windows Internals, Linux kernel architecture, etc.)
Experience with security operations tools, including but not limited to:
o Threat Intelligence Platforms
o Link/relationship analysis (e.g., Maltego, IBM i2 Analyst's Notebook)
o Signature development/management (e.g., Snort rules, YARA rules)
Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
Excellent analytical and problem-solving skills, and a passion for research and puzzle-solving.
Expert understanding of large, complex corporate network environments.
Strong communication (oral, written, presentation), interpersonal and consultative skills, especially with regard to white papers, briefs, and presentations.
Good organization and documentation skills
Leadership and mentorship skills

Desirable Criteria - These may be used where we have a high number of applicants
5+ years of experience in application design/engineering/maintenance, including but not limited to programming/scripting, Windows/Mac/Linux system administration, RDBMS/NoSQL database administration, etc.
2+ years of experience in penetration testing, ethical hacking, exploit writing, and vulnerability management
Hobbyist experience in maker/hardware hacking, e.g., Raspberry Pi, Arduino, etc.
Experience with incident response workflow (or other case management/ticketing) tools such as RSA Archer, ServiceNow, Remedy, JIRA, Resilient, Best Practical Request Tracker, etc.
Certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications such as EnCE, etc.
Scripting experience related to system administration, security operations, or forensics platforms (Python, Bash, PowerShell, Perl, C/C++, EnScript)
