Sr. Specialist - Digital Security Investigations
Con Edison · New York, NY · 6 days ago
On-siteLegalOther
Responsibilities
- Lead complex insider threat digital investigations, with primary focus on OT/ICS environments and support for IT investigations as required.
- Conduct enterprise-wide forensic evidence collection across IT and OT systems, ensuring accurate, secure, and defensible acquisition with proper chain of custody.
- Analyze digital artifacts to identify insider threat behaviors, attack vectors, indicators of compromise, timelines, and root causes.
- Prepare and deliver clear, concise investigative reports and strategic recommendations to technical teams and executive leadership.
- Serve as a technical subject matter expert (SME) and provide evidence to insider threat investigators and cross-functional partners.
- Collaborate with cybersecurity teams (CSOC, Red Team, Engineering, Vulnerability Management) and OT operations teams to enhance detection, response, and mitigation of insider risk.
- Perform advanced forensic analysis, including malware reverse engineering and network traffic analysis using commercial and open-source tools.
- Research emerging insider threat trends and contribute to the development of alerting, detection logic, and investigative methodologies.
- Maintain and enhance digital investigation lab capabilities, support protective intelligence efforts as needed, and participate in on-call and emergency response activities.
Qualifications
- Demonstrated experience conducting digital forensic investigations using commercial and open-source tools is required.
- Strong understanding of insider threat policies, investigative procedures, and evidence handling, including strict chain of custody practices is required.
- Proven ability to analyze digital evidence, develop investigation timelines, perform root cause analysis, and draw defensible conclusions is required.
- Experience producing clear, well-structured reports and briefings for both technical teams and executive leadership is required.
- Knowledge of evolving insider threat trends, tactics, and threat behaviors is required.
- Understanding of OT/ICS systems, protocols, and architectures is preferred.
- Preferred physical security investigative experience.
- Demonstrated ability to maintain confidential information, strong verbal communication and listening skills, and demonstrated analytical skills are required.
- Proficient in Microsoft Office including Word, Excel, Outlook, and PowerPoint, etc.
- Required: Accredited Asset Management Specialist (AAMS); Relevant DFIR Certifications: GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar.