DFIR Senior Analyst

Mission

Independently lead or collaborate in Grupo Santander's investigations, bringing advanced technical DFIR skills.

Functions

  • Take on the leadership role in any DFIR investigation escalated to the team.
  • Perform artifact analysis and accurately construct a case narrative that can be represented in a forensic report.
  • Follow the chain of custody requirements and make sure the business does so on a business-as-usual (BAU) basis.
  • Train and mentor junior analysts as well as other team members.

Requirements

Competencies 

  • Excellent command of Windows and *nix forensics, in the context of both fraud/business-related eDiscovery-style investigations and “black box” investigations searching for compromise markers.
  • Good knowledge of Android forensic review, able to coordinate the acquisition and review of relevant artifacts from Android devices. iOS knowledge is an added benefit.
  • Excellent investigation skills. Able to comfortably prescribe and assist acquisition, pivot off of new findings and perform impact assessment.
  • Very good knowledge of AD-based domains. Ability to recognize signals amongst noise in typical logs and artifacts, from both on-premises and O365 environments.

Tooling experience:

  • Data analytics tools (pandas, Elastic, Spark, etc.) for log analysis
  • EnCase Endpoint Investigator, NUIX for forensic acquisition and review

Languages

English Advanced

Experience

Seasoned DFIR analyst with demonstrable experience in cases involving production infrastructure, and case creation in support of legal action.