Forensic Analyst
4 weeks ago
Title: IT Security Analyst
What you'll do
The CSAA Cyber Defense Services Team is responsible for developing actionable intelligence on advanced cyber threats to our services and our customers.
We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures.
We then bring to bear that understanding to purposefully identify and mitigate malicious activity.
Specifically, candidates will perform digital forensics and security incident response activities, including but not limited to:
Effectively find and retrieve data from various operating systems, including Windows, Linux, macOS, Unix, and Android
Retrieve, catalog, and safeguard digital data related to cyber investigations
Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities
Assist with creating security techniques and automation for internal use that enable the team to operate at high speed and broad scale
Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats
Pursue actionable intelligence on current threats as they relate to CSAA IG
Take part in periodic on-call responsibilities
The successful candidate will be required to analyze indicators to generate actionable intelligence and insight into current threats. He or she will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities.
A deep understanding of current APT actors and TTPs as well as experience performing question driven analysis is required.
Candidates should have a solid grasp of network and host-based indicators and how to best use them.
He or she should be able to script and help automate recurring tasks to improve the overall effectiveness of the team.
An understanding of operating systems internals will be an asset.
Knowledge, Skills and Abilities
Required:
Strong knowledge of recovering data from damaged or erased hard drives, tracing hacks, gathering and maintaining evidence, and writing and reviewing investigative reports.
Understanding of legal standards that guide criminal investigations.
Ability to work across a variety of technologies
Strong foundation in cloud-native investigative techniques and incident response methodologies
Strong understanding of authentication technologies and connectivity concepts
Experience with network, operating system, and application security tool sets
Firm understanding of cloud service models and the shared responsibility model (IaaS, PaaS, SaaS) across public cloud CSPs (AWS, GCP, Azure)
Experience in analyzing cloud provider logs (e.g., CloudTrail, Stackdriver, Azure Monitor Logs) to identify and respond to security events
Strong analytical, written, and verbal communication skills
Able to work with a changing schedule that includes standard or non-standard business hours of work
Ability to weigh business needs against security concerns and articulate issues to management
Solid understanding and technical expertise in security architecture
Education, Certifications and Nice-to-Haves:
BS degree in Computer Science, MIS, Computer Engineering, or 8+ years equivalent technology experience
6+ years of work experience in a Security Operations or equivalent role
4+ years of hands-on experience in responding to threats in public cloud (AWS, GCP, Azure)
6+ years of experience with tracking APT groups and other high-grade threats
6+ years of experience in system, network, and/or application security
6+ years of experience building automation
6+ years of experience with SQL or other query languages
Preferred:
Splunk ES (Security)
Splunk UBA
Splunk Phantom
GCIH Certification