Digital Forensics And Incident Response yst

Job Description:
A DFIR Analyst is a highly skilled member of ATCP Security Cyber Response Team entrusted with the crucial responsibility of responding investigating and mitigating cybersecurity incidents as well as conducting digital forensics examinations to collect examining and analyzing critical digital evidence.

Responsibilities:

• Perform incident response to cybersecurity incidents including but not limited to APT & Nation State attacks Ransomware infections and Malware outbreaks Insider Threats BEC DDOS Security and Data breach etc.
• Conduct indepth investigations of cybersecurity incidents identifying the root cause the extent of the impact and recommended actions for containment eradication and recovery and providing a final report that contains recommendations on how to prevent the same attack in the future by strengthening security posture.
• Collaborate with crossfunctional teams to gather information coordinate incident response efforts and communicate findings to relevant stakeholders including management and legal teams.
• Perform digital forensics examinations on various digital devices (workstations servers mobile devices etc.) to collect analyze and preserve evidence related to security incidents or policy violations.
• Develop/Update incident response plan playbooks process and process documentation to ensure standardized incident response procedures.
• Participate in threat hunting activities proactively seeking out and identifying potential security threats and weaknesses.
• Assist in implementing and finetuning security tools and technologies to enhance threat detection and incident response capabilities.
• Conduct training sessions and workshops to educate employees on cybersecurity best practices and incident response procedures

Qualifications:

• At least 6 years relevant experience required
• Strong Incident Response Knowledge: Wellversed in incident response life cycle. Capable
  of conducting thorough investigations analyzing collected data and determining the scope impact and root cause of security incidents. Skilled at collaborating with incident response teams to provide timely remediation recommendations.
  
• Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework including its various tactics techniques and procedures (TTPs). Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls.
• Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems (onprem and cloud) and network infrastructures. Skilled at analyzing digital evidence performing memory disk and network forensics and extracting relevant artifacts to understand the nature of security incidents.
• Strong Understanding of Networking Operating Systems and Security Fundamentals: Possess a solid foundation in networking protocols operating systems (Windows and Linux) and core security concepts. Understand how different components interact within an IT environment and their potential security implications.
• Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques. Able to analyze malware samples to understand their functionalities persistence mechanisms and potential impact on systems.
• Knowledge of Various Security Technologies: Wellversed in different security technologies such as SIEM (Security Information and Event Management) endpoint security solutions network security devices and email security systems.
• Familiar with their functionalities deployment and monitoring practices.
• Knowledge of Various Forensics Tools: Wellversed in different enterprise and open
  source forensics tools such as FTK Autopsy Volatility Eric Zimmermans Tools EnCase
  Magnet Axiom SIFT REMnux etc.
  
• Being knowledgeable in Mobile Forensics (Android and iOS) is a plus
• Being knowledgeable in Mobile Application analysis (Android and iOS) is a plus
• Being knowledgeable in Threat Intelligence Lifecycle and types of Threat Intelligence
  (Operational Tactical Strategic) is a plus
  
• Being knowledgeable in Threat Hunting methodologies and types of Threat Hunting (Threat
  Intelligencedriven Security Incident Driven Hypothesis Driven Compromise Assessment)
  is a plus
  
• Being knowledgeable in scripting languages (Python PowerShell etc.) to automate
  analysis is a plus
  
• Certification is a Plus: Possess relevant certifications in the field of cybersecurity such as
  SANS GCFA (GIAC Certified Forensic Analyst) GNFA (GIAC Network Forensic Analyst) GCFE (GIAC Certified Forensic Examiner) or other industryrecognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.
  

Remote Work :

No