Digital Forensic Incident Response Consultant

The DFIR Consultant will contribute to Avertium’s DFIR practice, implement and execute best practices for incident handling, investigation and reporting, continuously develop the skills and expertise required to achieve customer objectives, and work with customers and other partners to respond to incidents, identify root causes, recommend solutions, and recover compromised environments.

Responsibilities:

• Lead incident response engagements. Understand client requirements, coordinate the incident response team and liaising with client’s business stakeholders and technical teams.
• Liaise with client third parties including legal, insurance and service providers, and provide guidance and subject matter expert advice to customer
• Advise clients on business, technical, regulatory and reputation risk. 
• Advise clients on strategies to contain incidents and limit business impact of cyber incidents
• Advise other incident response team members on strategies and techniques to accomplish client objective
• Collect technical evidence from clients’ environments to prepare for forensic investigations
• Conduct forensic investigations to determine the scope and impact of cyber incidents
• Determine root cause of incidents using available evidence and analytical tools
• Determine scope of data access and exfiltration 
• Provide recommendations and guidance to successfully evict threat actors from customer environments
• Gather intelligence on threat actors to inform recommended containment, remediation and recovery actions
• Develop threat intelligence reports and briefings in support of Avertium’s CTI and MSS groups
• Manage the recovery of clients’ IT infrastructure during and after cyber attacks
• Brief clients’ management, IT teams and third parties during and after cyber attacks
• Prepare and deliver post-incident reports to client teams 
• Conduct threat hunts within EDR and SIEM tools for managed detection and response customers
• Support team members in deeply technical investigations, provides guidance, and practical advice

• Provides thought leadership on the design, and implementation of new detection strategies
• Stays relevant with cyber security threats, counter measures and associated technologies

• Participate in an on-call rotation to provide 24X7X365 client incident coverage
• Identify opportunities to position additive professional and managed services to clients

Qualifications:

• Minimum of Bachelor's Degree in computer science, telecommunications management, electrical engineering, or a related field or have 5 years of experience with broad background in Cyber Security specifically relating to digital forensics and response. 
• Minimum of 3 years of direct experience in digital forensics and incident response
• Dynamic team member able to manage multiple projects simultaneously
• Highly capable communicator able to relate technical concepts to business stakeholders
• Advanced cyber certifications including GCIH, CISSP, CISA, CEH, ECIH and/or technology-specific certifications such as MCSE, CCNA are preferred

Skills:

• Conversant in many areas of cyber security and learns new concepts quickly
• Proven subject matter ability in relevant areas, such as incident response, intrusion analysis, incident handling, malware analysis (including network attack vectors and YARA RegEx), web security or security engineering

• Strong working knowledge of common security tools, such as a SIEM, AV, scanners, proxies, WAF (policies rules, process and workflow), netflow, IDS or forensics tools
• Strong interpersonal and leadership skills when building credibility as a peer as well as in presenting analytical data effectively to varied (including executive) audiences
• Strong understanding of the cyber kill chain, attacker tactics, techniques, and procedures, and the MITRE ATT&CK Framework
• Strong understanding of cloud technologies and related security best practices. Experience handling security incidents in the cloud.

• Firm understanding of endpoint and network-based security solutions, including EDR, firewalls, proxies and email security gateways
• A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, SMB, and distributed networks)
• Proficient in network forensics including PCAP analysis, network security, and IDS/IPS analysis
• Able to recognize common attack vectors such as recon scans, botnet, malware, command and control activity (C2), worms, trojans, and viruses
• Experience with common operating systems, such as Linux, both from a forensic and threat hunting point of view.
• Strong understanding of relevant laws and regulations (e.g. HIPAA, CCPA, GDPR, PCI, etc) as related to cyber incident handling and remediation

Avertium provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.