Sr. Specialist - Digital Security Investigations
Internet Storm Center · New York, United States · 5 days ago
LegalFull-time
Core Responsibilities
- Lead complex insider threat digital investigations, with primary focus on OT/ICS environments and support for IT investigations as required.
- Conduct enterprise-wide forensic evidence collection across IT and OT systems, ensuring accurate, secure, and defensible acquisition with proper chain of custody.
- Analyze digital artifacts to identify insider threat behaviors, attack vectors, indicators of compromise, timelines, and root causes.
- Prepare and deliver clear, concise investigative reports and strategic recommendations to technical teams and executive leadership.
- Serve as a technical subject matter expert (SME) and provide evidence to insider threat investigators and cross functional partners.
- Collaborate with cybersecurity teams (CSOC, Red Team, Engineering, Vulnerability Management) and OT operations teams to enhance detection, response, and mitigation of insider risk.
- Perform advanced forensic analysis, including malware reverse engineering and network traffic analysis using commercial and opensource tools.
- Research emerging insider threat trends and contribute to the development of alerting, detection logic, and investigative methodologies.
- Maintain and enhance digital investigation lab capabilities, support protective intelligence efforts as needed, and participate in oncall and emergency response activities.
Qualifications
- Demonstrated experience conducting digital forensic investigations using commercial and opensource tools is required.
- Strong understanding of insider threat policies, investigative procedures, and evidence handling, including strict chain of custody practices is required.
- Proven ability to analyze digital evidence, develop investigation timelines, perform root cause analysis, and draw defensible conclusions is required.
- Experience producing clear, well structured reports and briefings for both technical teams and executive leadership is required.
- Knowledge of evolving insider threat trends, tactics, and threat behaviors is required.
- Understanding of OT/ICS systems, protocols, and architectures is preferred.