Cloud Security Services is hiring a
Security Digital Forensics Engineer

Summary

The job is a 6-month remote Digital Forensics Engineer Consultant opportunity with Cloud Security Services, focusing on supporting the Threat Management Team's objectives by providing forensic support across various environments and improving security posture.

Requirements

• Solid understanding of the forensic lifecycle and scoping activities, evidence acquisitions on a range of devices
• Forensics analysis background on following platforms and technologies: Cloud (AWS, Azure, GCP), Windows/Mac/Linux OS, Physical and virtual network devices and platforms
• Understanding of SaaS, PaaS, IaaS
• Analyze and characterize cyber-attacks unique to cloud
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Ability to document forensic workflows based on sound industry practice
• Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods
• Experience with performing reactive incident response functions in public cloud environments - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc
• Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity
• Understanding of APIs and ability to leverage them for building integrations
• Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools
• Ability to write SQL to search data warehouse databases
• Familiarity with the following tools: Forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and other open-source forensic tools
• Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
• Malware Analysis / Reversal Tools
• Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc
• Endpoint Detection & Response (EDR)
• Network sniffers and packet tracing tools such as DSS, Ethereral, tcpdump, Wireshark, etc
• 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security or related field
• Proficient with host-based forensics and data breach response
• Understand and demonstrate best practices for architecting and operating in multi cloud environments in a scalable manner
• Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches
• Experience using industry standard forensic tools
• Experience preserving desktops, laptops, mobile devices/tablets, servers, both cloud and on-premises email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner
• Ability to communicate effectively and tactfully in both verbally and in written format to team members and technical/non-technical clients
• Ability to demonstrate superior organizational skills with acute attention to detail
• Must be an energetic self-starter who can work within a team environment but also independently as the situation requires
• Strong troubleshooting skills coupled with the ability to solve on the fly to solve complex problems
• Have experience with IoT platforms, large-scale distributed systems, and/or client-server architectures

Responsibilities

• Collect, process, analyze, interpret, preserve, and present digital evidence
• Perform forensic triage of an incident to include determining scope, urgency and potential impact
• Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
• Document forensic analysis from initial participation through resolution
• Document forensic workflows based on sound industry practice
• Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity
• Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Develop, document and refine procedures to accomplish discovery process requirements
• Manage all chain of custody best practices associated with the rules of evidence
• Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events