Digital Forensics and Incident Response Consultant

Role and Responsibilities

• Work as a DFIR consultant in DTS Solution supporting our 800-HACKED program
• Work as a consultant for many Incident Retainer Program
• Cyber breach investigations including forensic and malware analysis. Identifies network computer intrusion evidence and perpetrators.
• Strong understanding on threat hunting methodologies.
• Strong experience in post-compromise assessment.
• Ability to perform detailed forensics investigations;
  • Network traffic capture and analysis
  • DNS traffic analysis
  • Network detection and response
  • Process Injection and Malicious Process Analysis
  • DLL hijacking
  • Privilege Escalation
  • Kernel Hook Detection
  • Security Outliers
• Knowledge on DFIR tools – Autospy, Encase, Access Data, FTK+, IDA etc.
• Examines and performs comprehensive technical analysis of computer-related evidence and information stored on a device(s) during the conduct of an investigation or litigation.
• Proactively advise teams/hunt for and research potential malicious activity and incidents across multiple platforms using advanced threat network and host-based tools.
• Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, can integrate these tools with one another to provide data enrichment.
• Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
• Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
• Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
• Provide resolution plans for system and network issues.
• Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and assist in the automation of the processes.
• Provides oral and written communication to staff personnel concerning findings of fact, results of examination(s), and legal declarations, and testify in court as to the procedures and methodology used to recover and identify relevant evidence.
• Ability to write Incident Response Reports in accordance to international standards.

Qualification

• 6+ years of experience of network/security and analyzing digital evidence and investigate computer security incidents
• Expert knowledge on DFIR tools such as Access Data, IDA Pro, FTK+, Encase
• Expert knowledge on threat hunting tools – commercial and open source
• Familiarity with network tools such as Wireshark, tcpdump, libpcap.

Certifications

• GCIA, GCIH, or CISSP Certifications
• SANS Certified Forensic Examiner (GCFE)
• Forensic/ Incident Response Professional
• Industry Certification on Digital Forensics Tool