Cyber Defense Forensics Analyst
EY · Rochester, NY · 3 wk ago
On-siteInformation TechnologyFull-time
The opportunity
Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team responsible for security incident response for EY. The candidate will work as an escalation point for suspect or confirmed security incidents.
Your key responsibilities
- Investigate, coordinate, bring to resolution, and report on security incidents as they are brought up or identified
- Forensically analyze end user systems and servers found to have possible indicators of compromise
- Analysis of artifacts collected during a security incident/forensic analysis
- Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools
- Interface and connect with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions
- Provide consultation and assessment on perceived security threats
- Maintain, manage, improve and update security incident process and protocol documentation
- Regularly provide reporting and metrics on case work
- Resolution of security incidents by identifying root cause and solutions
- Analyze findings in investigative matters, and develop fact-based reports
- Be on-call to deliver global incident response
Skills and attributes for success
- Resolution of security incidents by identifying root cause and solutions
- Analyze findings in investigative matters, and develop fact-based reports
- Proven integrity and judgment within a professional environment
- Ability to appropriately balance work/personal priorities
To qualify for the role you must have
- Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field
- 5+ years experience in incident response, computer forensics analysis and/or malware reverse engineering;
- Understanding of security threats, vulnerabilities, and incident response;
- Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis;
- Be familiar with legalities surrounding electronic discovery and analysis;
- Experience with SIEM technologies (i.e. Splunk);
- Deep understanding of both Windows and Unix/Linux based operating systems;
Ideally, you’ll also have
- Hold or be willing to pursue related professional certifications such as GCFE, GCFA or GCIH
- Background in security incident response in Cloud-based environments, such as Azure
- Programming skills in PowerShell, Python and/or C/C++
- Understanding of the best security practices for network architecture and server configuration
What we look for
- Demonstrated integrity in a professional environment
- Ability to work independently
- Have a global mind-set for working with different cultures and backgrounds
- Knowledgeable in business industry standard security incident response process, procedures, and life cycle
- Excellent teaming skills
- Excellent social, communication, and writing skills