- At least 10 years' active experience as part of an incident response team working as an IR Handler (either in-house or as a consultant)
- Act as a Subject Matter Expert (SME) for incident response and forensics
- Manage and perform incident response activities including:
  - Searching device and server logs
  - Locating malware on a computer
  - Identifying the attack vector
  - Remediating infected computer(s)
  - Building a timeline showing how the incident unfolded
  - File carving
  - Briefing the customer on the extent of the incident and the response strategy
- Perform storage forensics (for example, hard drives, phones, USB storage)
- Utilize Company-owned forensic tools (EnCase, FTK, Helix, Wireshark, etc.) in the course of investigations
- Utilize other incident response tools such as Nmap, Wireshark and Snort,
- Perform network storage forensics (for example, capturing network traffic for
- Perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
- Establish timelines and patterns of activity of individuals and electronic devices
- Follow forensically sound practices, including preserving chain of custody
- Consult with the Company legal team on privacy, policy and compliance concerns
- Develop a companywide remediation plan of action as a result of investigative discovery within Company business and IT infrastructure
- Adequately communicate with all key stakeholders to ensure both confidentiality of information and expedient evidence collection
Required Knowledge, Skills and Abilities
- Experience managing large and small scale incidents
- Experience leading digital forensic investigations
- Working knowledge of forensic tools such as EnCase, FTK, Helix, Knoppix, Slax, Sleuthkit, SIFT, BlackLight and/or MacForensicsLab
- Familiarity with the following technologies: Active Directory, virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS
- Understanding of risk-based frameworks
- Understanding of one or more frameworks: PCI-DSS, Sarbanes-Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST
- Broad information security knowledge and experience
- Very good understanding of MS Windows architecture and design
- Strong understanding of networking protocols such as RIP, EIGRP, OSPF, network tools such as Wireshark and Nmap, and networking principles such as subnet masks, CIDR and spanning-tree protocol
- Bachelor's degree in Computer Science or related field
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- Microsoft MCSE certification
- CISSP credential
Experis - 23 months ago