Hybrid Pathways is hiring a
Security Digital Forensics Engineer

Hybrid Pathways

💵 ~$43k-$75k
📍 Remote - Worldwide

Summary

Hybrid Pathways is seeking a Digital Forensics Engineer Consultant to support their Threat Management Team's objectives in providing forensics acquisition and analysis support across environments, improving security posture. This is a 6-month remote opportunity.

Requirements

  • Solid understanding of the forensic lifecycle and scoping activities, evidence acquisitions on a range of devices
  • Forensics analysis background on following platforms and technologies: Cloud (AWS, Azure, GCP), Windows/Mac/Linux OS, Physical and virtual network devices and platforms
  • Understanding of SaaS, PaaS, IaaS
  • Analyze and characterize cyber-attacks unique to cloud
  • Skilled in identifying different classes of attacks and attack stages
  • Understanding of system and application security threats and vulnerabilities
  • Ability to document forensic workflows based on sound industry practice
  • Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods
  • Experience with performing reactive incident response functions in public cloud environments - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc
  • Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity
  • Understanding of APIs and ability to leverage them for building integrations
  • Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools
  • Ability to write SQL to search data warehouse databases
  • Familiarity with the following tools: forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and other open-source forensic tools
  • Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
  • Malware Analysis / Reversal Tools
  • Network and Host Intrusion Detection (IDS) such as Snort/Sourcefire, Palo Alto, etc.
  • Endpoint Detection & Response (EDR)
  • Network sniffers and packet tracing tools such as DSS, Ethereal, tcpdump, Wireshark, etc.
  • 6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security or related field
  • Proficient with host-based forensics and data breach response
  • Experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments; DevSecOps experience is a value add
  • Understand and demonstrate best practices for architecting and operating in multi-cloud environments in a scalable manner
  • Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches
  • Experience using industry standard forensic tools
  • Experience preserving desktops, laptops, mobile devices/tablets, servers, both cloud and on-premises email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner
  • Excellent communication skills, both written and verbal
  • Ability to work independently and as part of a team
  • Strong problem-solving skills
  • Bachelor's degree (BA/BS) in Computer Science from a four-year college or university, or equivalent training, education, and work experience; cybersecurity certifications such as CISSP, CISM, etc.

Responsibilities

  • Collect, process, analyze, interpret, preserve, and present digital evidence
  • Perform forensic triage of an incident to include determining scope, urgency and potential impact
  • Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
  • Document forensic analysis from initial participation through resolution
  • Document forensic workflows based on sound industry practice
  • Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity
  • Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
  • Develop, document and refine procedures to accomplish discovery process requirements
  • Manage all chain of custody best practices associated with the rules of evidence
  • Mentor team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events

Preferred Qualifications

  • Cybersecurity certifications such as CISSP, CISM, etc
  • Networking knowledge, for example: Nessus, Qualys, OSSEC, Osquery, Suricata, Threatstack
  • Demonstrate how to execute common web application attacks like SQL Injection, XSS, CSRF
  • Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures
