Digital Forensics Incident Response Consultant
About the position
Responsibilities
• Perform incident response and digital forensic activities for PS engagements.
• Deliver and execute PS engagements focused on helping customers manage and investigate cybersecurity incidents.
• Conduct log reviews including structured (CSV, TSV, JSON) and unstructured (syslog) data.
• Perform Windows, Linux, Mac, and mobile forensics investigations.
• Utilize SIEM solutions such as Splunk, Sentinel, ELK for investigations.
• Engage in threat hunting using EDR solutions such as CrowdStrike, SentinelOne, Trend Micro.
• Apply Microsoft cloud skills such as M365 and/or Azure.
• Utilize AWS cloud skills such as GuardDuty, CloudWatch, IAM, WAF.
• Conduct global or onsite security assessments, possibly working in customer's office/environment.
• Attend periodic meetings to discuss ongoing security initiatives and their progress.
• Advise and work on security initiatives alongside the customer.
Requirements
• Bachelor's degree or four or more years of work experience.
• Four or more years of relevant work experience in a cybersecurity capacity.
• Experience responding to cybersecurity incidents, triaging, and/or investigating cybersecurity incidents.
Nice-to-haves
• One or more technical certifications in areas such as incident handling, forensic analysis, malware reverse engineering, or forensic tool-specific training.
• Experience working in an enterprise environment.
• Experience working with clients to proactively provide cybersecurity services (tabletops, incident response training, etc.).
• Experience in network infrastructure, communication protocols, and network log analysis.
• Experience in packet capture and TCP/UDP traffic flow analysis.
• Knowledge of computer exploitation methodologies.
• Knowledge of current information security solutions and technologies, including network- and host-based products.
• Experience using forensic tools such as EnCase, FTK, The Sleuth Kit, Volatility, Axiom, Cellebrite, BlackLight, X-Ways, or similar.
• Experience in SIEM, EDR, IDS, and DLP technologies, memory and volatile data analysis.
• Knowledge of enterprise cloud infrastructure (AWS, G-Suite, O365, Azure, etc.).
• Knowledge of command-line tooling (grep, sed, awk, PowerShell, etc.).
• Ability to function in a dynamic environment, managing multiple priorities and deadlines.
• Ability to make recommendations to remediate complex security threats.
• Ability to synthesize data from multiple sources and present concise, relevant information to non-technical audiences.
• Excellent communication skills with the ability to present to a variety of audiences.
• Ability to set and manage competing expectations and priorities with technical and senior stakeholders.
• Strong analytic, qualitative and quantitative reasoning skills.
• Strong creative problem-solving abilities and ability to share knowledge with colleagues.
Benefits
• Hybrid work environment with defined work location including work from home.
• Minimum eight assigned office days per month.