Incident Response and Forensics Analyst, Dell SecureWorks
Dell - Remote


Security Analyst – Incident Response & Handling

The candidate selected for this position will have at least 10 years of experience working on active incidents either as an employee of or a consultant for a large company. The work will be performed on site at the customer location in Thousand Oaks California.

Essential Duties and Responsibilities:
  • At least 10 years active experience as part of an incident response team working as an IR Handler (either in-house or as a consultant)
  • Act as a Subject Matter Expert (SME) for incident response and forensics
  • Manage and perform incident response activities, including:
      • Searching device and server logs
      • Locating malware on a computer
      • Identifying the attack vector
      • Remediating infected computer(s)
      • Building a timeline showing how the incident unfolded
      • File carving
      • Briefing the customer on the extent of the incident and the response strategy
  • Perform storage forensics (for example, hard drives, phones, USB storage)
  • Utilize Company-owned forensic tools (Encase, FTK, Helix, Wireshark, etc.) in the course of investigations
  • Utilize other incident response tools such as Nmap, Wireshark and Snort
  • Perform network storage forensics (for example, capturing network traffic for analysis)
  • Perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
  • Establish timelines and patterns of activity of individuals and electronic devices and software
  • Follow forensically sound practices, including preserving chain of custody
  • Consult with Company legal team on privacy, policy and compliance concerns
  • Develop a companywide remediation plan of action, within the Company business and IT infrastructure, based on investigative discoveries
  • Adequately communicate with all key stakeholders to ensure both confidentiality of information and expedient evidence collection
Required Knowledge, Skills and Abilities
  • Experience managing large and small scale incidents
  • Experience leading digital forensic investigations
  • Working knowledge of forensic tools such as Encase, FTK, Helix, Knoppix, Slax, Sleuthkit, SIFT, BlackLight and/or MacForensicsLab
  • Familiarity with the following technologies: Active Directory, virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS
  • Understanding of risk-based frameworks
  • Understanding of one or more frameworks: PCI-DSS, Sarbanes Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST
  • Broad information security knowledge and experience
  • Very good understanding of MS Windows architecture and design
  • Strong understanding of networking protocols such as RIP, EIGRP, OSPF, network tools such as Wireshark and Nmap and networking principles such as subnet masks, CIDR and spanning-tree protocol
  • CISSP credential
Preferred Knowledge and skills
  • Bachelor’s degree in Computer Science or related field
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Microsoft MCSE certification
Social Skills
  • Good interpersonal communication skills
  • Strong writing skills
  • Some management experience as a team lead is helpful. Candidate may be required to oversee other security staff
