The Incident Handler uses incident response, investigative, and forensics skills to determine the extent of a breach, the containment measures required, and the overall response needed. This includes appropriate data collection, preservation, mitigation, remediation requirements, and security improvement plans. The Incident Handler will utilize forensic best practices and provide chain of custody service for criminal investigations (e.g., employee situations, fraud, etc.). The Incident Handler may work on different teams, depending upon the type of incident or pre-incident activity and the nature of the threat.
Essential Functions
Evaluates processes, services, drivers, libraries, binaries, scripts, memory, network traffic, file, email, and other artifacts for anomalies, security exploitation, and / or unauthorized access.
Identifies attack vectors, social engineering attempts, exploits, malicious code, C2 activity, and persistence mechanism.
Identify containment controls to halt attacks in progress against affected or exposed resources.
Identify mitigation controls to prevent attacks to vulnerable or exposed resources.
Performs analysis to determine scope, risk, and impact of breach or exposure.
Performs root cause analysis, develops remediation plans, and works with SMEs to ensure proper execution of corrective action plans.
Works with SMEs to determine mitigation strategies, and coordinates with affected business unit(s) to implement mitigating security controls.
Collects and preserves digital evidence in a forensically sound manner according to best practices.
Properly and thoroughly document incident findings, evidence, analysis steps, and create after action reports and recommendations.
Engages appropriate levels of management to affect improvements to the security posture of organization.
Provide input to security infrastructure design based on incident response experience.
Provide routine updates to Security Policies and Procedures
Focus on preserving uptime of the production environment and minimize the impact on medical services.
DESIRED SKILLS :
Broad knowledge of digital processing platforms, hardware, operating systems, applications and the ability to identify and troubleshoot failures in any of these areas.
Expert knowledge of Windows-based operating systems
Working knowledge of Linux / UNIX-based operating systems
Familiarity with Android and IOS platforms
Possesses binary and scripted malware behavioral analysis skills.
Possesses binary and scripted malware static analysis and reverse engineering skills and experience with binary disassembly and script analysis platforms.
Ability to troubleshoot through technical issues to properly triage reported events and incidents.
Ability to perform deep-dive analysis to determine root cause and full impact of incidents.
Knowledge and experience in security controls including EDR, forensics tools, anti-virus, intrusion prevention, authentication mechanisms, data collection and analysis tools, and Splunk SIEM
Excellent communication and documentation skills
Ability to produce reports for Sr. Management that properly articulate risk, exposure, corrective action plans.
Ability to speak publicly and lead diverse teams of SMEs & Operations Management through security incident.
Ability to respond quickly and accurately to any level of security incident.
Avoid unnecessary production impact caused by investigation activities, if avoidable
Properly manage elevated access within the environment
Ability to work in a team of professionals sharing workload and investigation assignments in a fast-paced and high-risk environment.
PREFERRED QUALIFICATIONS AND CERTIFICATIONS :
Masters degree in a related technical field and a minimum of 10 years of equivalent work experience
7 years hands on experience with Enterprise forensic software and investigations.
10 years of experience in Cyber Security with a focus on Incident Response or Forensics
EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and / or similar certifications
QUALIFICATIONS : ( A candidate should meet at least 13 of the below qualifications) :
Master's degree in a related field and / or a minimum of 10 years of equivalent work experience
A minimum of 15 years of experience in Information Technology (IT)
EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and / or similar certifications
A thorough understanding of at least three desktop and server operating systems (Windows, Linux, Unix, OS X, Android, IOS) and related forensic artifacts.
Expert shell scripting skills in three or more languages
A thorough understanding of attacker / malware methodologies and common malicious changes
Experience with multiple forensics platforms, such as EnCase, FTK, Nuix, X-Ways, etc.
Possesses binary and scripted malware behavioral analysis skills.
Possesses binary and scripted malware static analysis and reverse engineering skills and experience with binary disassembly and script analysis platforms.
Possesses a thorough understanding of networking and the ability to decode and analyze network packet captures using relevant toolsets.
Possesses expert knowledge of security controls technologies at all layers (IAM, Network, Endpoint, SIEM / Log)
Possesses strong communication and writing skills and the ability to present investigative content and findings verbally and in reports to technical and non-technical audiences, including senior leadership, legal, compliance, business, and other teams.
Possesses the ability to develop, refine, and educate team members on new investigative targets, data sources, tools, methodologies, and processes.
Strong mentoring and leadership skills
Strong project management and overall incident management skills
LOGISTICS :
Contract role through end of the year with potential for extension and / or conversion to perm.
Work remotely anywhere in Domestic US. Preferred locations Colorado or Georgia.
COVID-19 Vaccine and Booster Required - OR must provide valid medical exemption from doctor in advance.
Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
W2 only - No sub vendors. Sponsorship NOT available.
Must have direct contact information on resume (phone / email) to be considered.
Keep a pulse on the job market with advanced job matching technology.
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution.
Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right.
Surveys & Data Sets
What is the career path for a Cyber Incident Handler - Principal?
Sign up to receive alerts about other jobs on the Cyber Incident Handler - Principal career path by checking the boxes next to the positions that interest you.
