Cyber Analyst, Digital Forensics Incident Response

Summary

Join At-Bay Security team as a Cybersecurity Analyst focused on Digital Forensics and Incident Response (DFIR) to deliver incident investigation and response services, analyze digital evidence, and develop incident reports.

Requirements

• Previous digital forensics and incident response experience
• Strong oral and written communication skills
• Minimum of 2 years of experience in cybersecurity operations, incident response, incident recovery, or another security discipline
• Willingness to travel as needed to perform job functions
• Bachelor’s degree or equivalent

Responsibilities

• Deliver incident investigation and response services via forensically sound collection, transmission, and storage of digital evidence
• Analyze digital evidence to identify indicators of compromise and adversary activity
• Develop incident timelines and theories of compromise
• Identify incident root causes
• Participate in threat actor negotiations as necessary (e.g., ransom negotiations, etc.)
• Participate in incident recovery activities as necessary (e.g., restoration of data from backups, reimaging workstations and servers, rebuilding network infrastructure, etc.)
• Develop and deliver incident reports to document key incident details for engagement stakeholders including executive leaders for insureds, breach coach attorneys, and At-Bay claims management staff as necessary
• Develop and deliver recommendations to mitigate the risk of future incidents for impacted insureds
• Develop and deliver incident response training and simulations for targeted insureds

Preferred Qualifications

• Significant undergraduate or graduate coursework in computer science, computer engineering, information systems, or cybersecurity
• Previous background in law enforcement or government/military with experience leading complex technical investigations
• Knowledge of cloud environments, including knowledge of cloud security products and services offered by major cloud service providers (e.g., AWS, Azure, Google)
• Experience in a top-10 cyber consulting firm or leading DFIR provider preferred
• One or more industry cybersecurity certifications (e.g., GCIH, Security+, CISSP, etc.)