Digital Forensic and Incident Response Analyst

About The Position

Requirements

• Bachelor's degree or four or more years of work experience.
• Four or more years of relevant experience required, demonstrated through work experience and/or military experience.
• Experience working in Digital Forensic, Incident Response, Threat Hunting and/or a Security Operations Center (SOC) environment(s).
• Ability to pass and/or obtain all necessary security clearances.

Nice To Haves

• Awareness of cyber based adversarial frameworks including MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain.
• Strong understanding of cloud security frameworks and best practices.
• Proficient in cloud computing concepts, including IaaS, PaaS, SaaS.
• Comprehensive knowledge with programming or scripting languages relevant to cloud security automation and orchestration.
• Proficient knowledge of the cyber threat landscape including types of adversaries, campaigns, and the motivations that drive them.
• Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.
• Python and/or Powershell experience to enhance automations, ad-hoc forensic analysis, and speed-up response times.
• Previous experience with log aggregation platforms such as Splunk, Elastic, Snowflake, LogRhythm, Google SecOps, etc.
• Proficient in understanding Operating Systems and their architectures: Windows, Unix/Linux, and MacOS Operating Systems
• Demonstrates leadership and mentoring skills to help advance the overall capabilities of the TMC organization.
• Ability to work in a highly collaborative environment needing strong communication, presentation, and leadership-like skills
• Exhibits initiative, follow-up and follow through with commitments
• Certifications like: Network+, Security+, CISSP, EnCE, CFCE, C|EH, C|HFI, GCFA, GCFE, GCIH and/or cloud-specific security certifications (e.g. AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Certified Professional Cloud Security Engineer)

Responsibilities

• Executing the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses.
• Operating as a trusted advisor on threat analysis during incidents for incident management teams and other stakeholders by following cybersecurity response methodologies such as the NIST CyberSecurity Framework.
• Driving the technical oversight and guidance required to support cloud environment (i.e. AWS, Azure, GCP) day-to-day operations.
• Serving as a primary point of contact during assigned on-call shifts, responding promptly to incidents, escalations, and critical alerts to minimize downtime and mitigate risks to the enterprise.
• Deploying security tools and leveraging logs and endpoint forensic analysis in order to complete a detailed and accurate assessment of security alerts and threats affecting the Verizon enterprise and cloud infrastructure.
• Assisting with the development of security controls for multiple platforms via automated capabilities by using advanced analysis and forensic techniques.
• Driving identification, analysis, and remediation activities to ensure compliance with relevant regulatory requirements, industry standards, and best practices related to security and data privacy.
• Providing assistance and analytical evaluations for high-priority and significant security incidents, including composing extensive and comprehensive analysis summaries and facilitating incident-related discussions.
• Identifying gaps in detections and collaborating with teams across Cyber Security to mitigate threats and improve the overall security posture.
• Recommending ways to mature and advance the preventive and defensive capabilities of the TMC. This includes leveraging data and knowledge to clearly communicate the use case for alert creation.
• Collaborating with cross-functional teams to respond, identify, and analyze the root cause of a cybersecurity incident.
• Conducting risk assessments, in-depth analysis, and forensic investigations to determine the root cause and impact of incidents.
• Enhancing, and/or implementing DFIR playbooks to ensure cohesive response repeatability.
• Assisting with producing operational read-outs and case reviews for peers and leadership that accurately capture the effectiveness of the DFIR organization.
• Continuously honing to build and maintain knowledge, skills, and abilities needed to maintain proficiency in producing thorough and accurate digital forensic analysis.
• Enhancing techniques, workflows and processes of cloud security controls, compliance assessments, and incident response procedures to drive the TMC operational and strategic growth (continuous improvement).

Benefits

• Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefit options including: medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance.
• We also offer a matched 401(k) savings plan, up to 8 company paid holidays per year and up to 6 personal days per year, paid parental leave, adoption assistance and tuition assistance, plus other incentives, we’ve got you covered with our award-winning total rewards package.
• Depending on the role, employees have the opportunity to receive compensation in the form of premium pay such as overtime, shift differential, holiday pay, allowances, etc.
• Newly hired employees receive up to 15 days of vacation per year, which grows with additional service.