DFIR Investigations Technical Lead
Mission
Supervise and train technical analysts in the DFIR investigations portion of the Global Cyber Respond Forensics & Investigations Team.
Functions
- Make sure investigation action plans are relevant, proportional and feasible. Directly draft the action plan for high-profile investigations.
- Make sure the investigations team is never the blocking agent in the lifecycle of the incident, ensuring that escalations happen in a timely fashion.
- Lead critical investigations and ensure such experiences train the team to the point of being able to conduct them independently, and that appropriate process reengineering and lessons-learned actions are taken to continually improve the team’s capabilities.
Requirements
Competencies
Windows and Linux DFIR: Filesystem and memory analysis; experience in remote acquisition of partial and complete forensic artifacts; excellent understanding of how activity within a corporate domain corresponds to technical traces that can serve as evidence; ability to prescribe acquisition in a proportional and sensible manner; excellent communication skills; affinity for unpredictable workloads.
Languages
English: Advanced
Experience
Seasoned DFIR analyst with demonstrable experience in cases involving production infrastructure, and case creation in support of legal action.
