1 DFIR Cyber Operations Forensics Lead Job in Tysons Corner, VA

Arete
Tysons Corner, VA | Full Time
$83k-108k (estimate)
3 Weeks Ago

Arete is Hiring a DFIR Cyber Operations Forensics Lead Near Tysons Corner, VA

Roles & Responsibilities
  • Oversees Forensics analysis and supports multiple Tiger Teams and engagements for matters beyond Ransomware/BEC.
  • Leads investigations for projects beyond Ransomware and BEC including Cloud, insider threat, and advisory/Enterprise Incident Response (EIR) matters.
  • Works with the Forensic members of the Tiger Team to ensure digital forensic analysis of Windows, Apple Mac, and Windows-based operating systems, in addition to the analysis of networking appliances including, but not limited to, VPN and firewall appliances, is performed in an efficient and timely manner.
  • Provides forensic data and artifact collection requests based on the investigative approach to ensure the data is collected and made available for forensic analysis with limited impact.
  • Leads delivery of findings for a Tiger Team working in conjunction with the Senior Analyst to provide oversight across multiple additional Tiger Teams, while taking on leadership responsibilities related to the delivery across the additional multiple Tiger Teams.
  • Reviews scoping call notes and case background for situational awareness from the start of every engagement.
  • Drives the forensic investigation forward ensuring the right data is collected and analysis questions are answered to tell the narrative story of how the threat actor compromised the client’s network and environment.
  • Works with the Tiger Team to understand the nature of issues, potential risk to Counsel, Carrier, and Client relationships.
  • Collaborates and leverages threat intel Tactics, Techniques, and Procedures (TTPs)/Indicators of Compromise (IOCs), information from our Security Operations Center (SOC)/Threat Hunting team, and updates from our Negotiations teams as part of the incident.
  • Supports the Director, as a Forensic Subject Matter Expert (SME) for all active forensic analysis for projects on the assigned Tiger Team.
  • Maintains target utilization for members of the Tiger Team that comes from client billable work including forensic analysis, participating in client update or forensic scoping and update findings calls, client correspondence related to forensic analysis, data collection, or investigative questions verbally or in writing.
  • Initiates and manages the forensic data collection process in support of the forensic investigation for the assigned engagement.
  • Ensures the forensic project timeline is on track, daily updates are provided from the assigned analysts to the IR Director, and Analyst SLAs are met (i.e. report is delivered on time, interim and final updates are provided on time when asked).
  • Delivers Forensics findings and updates to support the Tiger Teams and Senior Analysts as needed due to conflicts or time-off in a clear, concise manner while adjusting communication content and style to meet the needs of diverse stakeholders
  • Ensures assigned analysts have the data, context, and clarity they need to conduct accurate and timely analysis.
  • Works with Senior Analyst to deliver on the Forensic Investigations plan and manages the delivery timeline across the projects
  • Monitors and tracks the Forensic budget and budget burn rate across multiple engagements
  • Allocates Forensic Tiger Team and Tiger Team Pool resources to the Tiger Team projects to maximize delivery based on the availability and utilization of the team members
  • Works client facing on forensic update calls to ensure accurate updates are conveyed as they relate to the investigation
  • Communicates both verbally and in writing to answer client and counsel questions related to the forensic investigation
  • Supports the Tiger Team IR Director with delegating and managing the Senior Analysts and Analysts who report to Forensic Lead on their respective Tiger Team
  • Conducts the performance reviews of all assigned forensic analysts
  • Maintains a case load of at least two cases and conducts forensic analysis, in addition to other responsibilities
  • Conducts final review of the report from the perspective of the forensic investigator ensuring all possible investigative questions were addressed in the analysis and requesting additional context or analysis when the report requires more work
  • May perform other duties as assigned by management
Skills And Knowledge
  • Thorough knowledge of host-based forensics, network forensics, malware analysis and data breach response.
  • Experience with EnCase, Axiom, X-Ways, FTK, SIFT, ELK, Redline, Volatility, and open source forensic tools
  • Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell
  • Experience in a security professional services consulting firm, preferred
  • One or more Digital Forensic and Incident Response Certifications such as GCFE, GCFA, GNFA, GCTI, GREM, CHFI, CCE, CFC, EnCE, and CFCE, preferred
Job Requirements
  • Bachelor's Degree and 8 years of incident response or digital forensics experience or Master's Degree and 6 years related experience or J.D. and 4 years related experience
  • Consulting experience, preferred
DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
  • No physical exertion required
  • Travel within or outside of the state
  • Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY We’re proud to be an equal opportunity employer and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Job Summary

JOB TYPE: Full Time
INDUSTRY: Scientific Services
SALARY: $83k-108k (estimate)
POST DATE: 06/09/2024
EXPIRATION DATE: 07/04/2024
WEBSITE: arete.com
HEADQUARTERS: ARLINGTON, VA
SIZE: 200 - 500
FOUNDED: 1976
CEO: DR STEVE RAMBERG
REVENUE: $50M - $200M

About Arete

Arete, an employee-owned company, is an advanced science and engineering company that provides innovative solutions to the most challenging technical problems faced by the United States Defense and Intelligence agencies. Arete is derived from the Greek word , meaning the pursuit of excellence and the achievement of maximum performance. Arete was founded in 1976 by five scientists, tasked by the DoD to help solve the challenge of detecting weak signals in heavy clutter over very wide areas. The signatures involved in this work were so weak that any advancement in signal processing algorithms demanded a new approach and understanding of the underlying fundamentals affecting the sensors and signal phenomena in the environments of interest. This first-principles-of-physics approach has been a hallmark of Arete's development programs for the past 40 years. Arete now works across the electromagnetic spectrum. We develop sensors and the associated signal processing algorithms necessary for the extraction and interpretation of data for systems operating under water, in the atmosphere, and in space. With our emphasis on enhanced signal processing and real-time executable software, Arete is able to improve the performance of existing sensor systems at fractions of the cost and time to operations of replacement systems. We work directly with customers and partners seeking maximum performance. Building on our expertise in detection theory we will continue to exploit the contextual, spatial, spectral, and temporal characteristics of data, incorporating them into our signal processing algorithms. These robust algorithms will continue to enable Arete to rapidly deliver innovative solutions to the ever evolving challenges of our customers.