Security Incident Response Consultant


Computer Science Corporation


Posted Under: Newark, Delaware jobs in Professions; Professions jobs
Posted On: 2020-10-19 00:00:00

Must have in-depth knowledge and understanding of APT actors and threats and how to deal with APT incidents as part of a wider incident response (e.g. security enhancement etc.). A complete knowledge of live security incident management and handling, including leading, teaming, analysis and remediation. Comprehensive understanding of security improvement planning, and an ability to make in-depth recommendations regarding same. Flexible and dynamic working approach and willing to work 24/7 in a delivery capability, often travelling away from home at short notice for extended periods.

Requirements:
- 10 years' experience in a full-time forensic and incident response position in diverse and complex commercial or government environments
- Demonstrated experience of leading teams of investigators on diverse and complex investigations
- Demonstrated capability in handling large-scale investigations involving Targeted Threat Actors
- Demonstrated presentation skills, able to articulate and present to a wide audience from technical to the board room
- Demonstrated experience of maintaining and developing Digital Forensic Investigations capabilities
- Demonstrated experience of contributing to IT Security projects
- Demonstrated experience of SOC, Digital Forensic and Incident Response operations
- No felony warrants or convictions and a clean criminal record
- Background in Local, State or Federal Law enforcement or Intelligence with security clearance

Knowledge:
- In-depth knowledge of current targeted threat intrusion scenarios and capable of reproducing them in a lab environment
- Targeted Threat Intrusions are a complex issue, requiring a logical, intelligence-driven human response to counter them
- Good understanding of the implications of Data Privacy legislation
- Good understanding of forensic and incident response methodology and tooling
- Good understanding of IT Security to protect and monitor the enterprise
- Good knowledge of local, state and Federal laws and statutes dealing with seizure, personal data, Electronic Communications Privacy Act (ECPA), Privacy Protection Act (PPA), disclosure and confidentiality, NIST Guidelines, Sarbanes-Oxley (SOX), HIPAA, and federal guidelines for searching and seizing computers and electronic data. Regional guidelines such as the EU Data Protection Directive, AUS-

Required:
- Must have a deep and current understanding of the tools, techniques and tactics of Targeted Threat Actors and remain up to date with current and future trends
- Mentor and/or identify training for personnel
- Ability and willingness to be involved with the APT security research community to maintain knowledge and garner intelligence
- Possesses a unique blend of experience, vision, technical and interpersonal skills that are required for such a position
- Excellent team and case management skills
- Excellent reporting (written and verbal) skills, client (to C level) and internal
- Experience with legal and court procedures, working with attorneys and providing technical implementation of data gathering in response to eDiscovery requests
- Evidence handling and Chain of Custody

Tools: EnCase, FTK, Axiom, X-Ways, Carbon Black, CrowdStrike

Workload: 70% of time will be spent in the field investigating Targeted Threat Intrusions (billable to client), collaborating with senior staff, and mentoring junior staff on current cases. Willing to travel 30%. Research and administration.

Education: MSc degree in a field with emphasis on computer security and investigations, desirable; BSc or higher in Computer Forensics; or BSc in a relevant digital investigation/security subject; or BSc qualification and relevant IR/Forensic post-degree qualifications; and post-degree qualification in IR/Forensics (e.g. SANS); and demonstration of a continuing ability to self-teach.

Certifications: CISSP, GCIH, GIAC, GCFE, GREM SANS Certifications, EnCE, ACE (at least two of these)