Digital Forensics Security Analyst
South Carolina, SC  |  Remote
Contract Position
Job Id #62028 Posted February 23, 2023

Digital Forensics Security Analyst
Requirements:
  • Experience as Cyber Security/Digital Forensics Analyst
  • Experience w/ SIEMs, IDS / IPS, host based anti-virus, Endpoint Detection and Response (EDR) and similar products
  • Understanding of host and network security hardening 
  • Experience w/ Microsoft and UNIX O/S is ideal
  • Perl and Python scripting is highly desired
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security+, C|EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA; candidates with active certs will be moved to the top of the list

Position Description:
  • This is a hands-on "Forensics Role."
  • The ideal candidate will serve as a subject matter expert (SME) for digital forensics/incident response (DFIR).
  • This position is responsible for investigating security incidents, identifying data exfiltration, reviewing SIEM data, and building high quality technical reports.
Main Responsibilities:
  • Provide Forensic analysis to the IR process including forensic artifact handling and analysis, malware and implant analysis, and threat intelligence analysis.
  • Lead technical effort to identify, investigate, mitigate, and respond to security events and incidents during live incidents, red team incidents, purple team exercises, or tabletop exercises within the customer’s environment and otherwise mentor junior IR analysts.
  • Investigate novel and complex threats, then develop detection logic, playbooks, automation, and any other necessary documentation for recurring incidents and incident tasks.
  • Proactively drive hunting and analysis on behalf of multiple clients
  • Leverage internal and external resources and threat intelligence feeds to research threats, vulnerabilities, and intelligence on various Threat Actors and Threat Actor infrastructure.
  • Enhance SOC with advanced skill sets such as SOC automation, integration, and orchestration to optimize SOC resource allocation.
  • Create temporary or permanent reports for customers, as requested.
  • Build and improve incident response frameworks and plans for SOC customers based on industry standards, guidelines, and best practices.
  • Document incident response process and create reports for incident stakeholders and facilitate lessons learned.
  • Collaborate with technical SMEs including customer IT staff to identify gaps to enhance security monitoring and response actions.
  • Attend customer meetings as part of incident response and incident handling.
  • Provide analytic investigative support of complex security incidents.
  • Perform detailed network and file forensic analysis on security incidents.
  • Install, upgrade, and patch forensic tools.
  • Serve as escalation point for forensic examinations.
  • Document and manage incident cases in ticketing/case management system.
  • Hunt for and identify threat actor groups and their techniques, tools, and processes.
  • Create, review and present detailed technical reports to both technical and non-technical audiences.
  • Provide training on DFIR practices, procedures, and responses to junior and mid-level analysts.
  • 24x7 Rotating On-Call Schedule
Additional Duties:
  • Perform tuning and filtering of SIEM alerts and monitored components to ensure only relevant security data is gathered.
  • Maintain Industry Training by keeping up to date on security technologies, threats, and risk mitigation techniques.
  • Consult with internal leadership on a daily basis to mature customer security posture based on industry best practices.
  • Gain and maintain knowledge of Customer’s business and technical environment.
  • Develop new use cases and playbooks/SOPs, as well as automation for recurring incidents and incident tasks.
  • Assist SOC Engineers with maintenance on security devices, as needed.
  • Review procedures and processes to make recommendations to vSOC leadership to deliver to customers and provide security governance.
  • Develop use cases for tier 1 and tier 2 analysts for incident response.
  • Provide guidance to tier 1 and tier 2 analysts.
  • Mentor junior forensic analysts
  • Review alerts generated by detection infrastructure for false positives and modify alerts as needed.
What We Look for In a Candidate:
  • Undergraduate degree in computer science, engineering, or related field, or equivalent experience
  • Understanding of information security fundamentals, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts
  • 8 years’ experience in high volume environment performing digital forensic analysis.
  • Analytical and problem-solving skills related to networking, operating systems, and malware analysis.
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security+, C|EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA
  • Oral and written communication skills and comfort with presenting technical issues.
  • Knowledge of current and emerging technologies
Preferred Qualifications:
  • Undergraduate degree in Information Assurance, Cyber Security, or related field
  • 14+ years of experience in incident response, risk assessments, application security or network security
  • 14+ years’ experience performing forensics on Windows, Linux (or other Unix derivatives), and Mac systems.
  • Understanding of SIEMs, IDS / IPS, host based anti-virus, Endpoint Detection and Response (EDR) and similar products.
  • Microsoft or UNIX (including Linux or other UNIX derivatives) operating system administration/support experience.
  • Experience with technologies, tools, and process controls to minimize risk and data exposure.
  • Knowledge of scripting languages such as Python or Perl
  • Experience in large enterprise or carrier data centers and/or networks
  • Understanding of static or dynamic analysis of malware
  • Experience using a variety of virtualization platforms.
Horizontal is proud to be an Equal Opportunity and Affirmative Action Employer. We seek to provide employment opportunities to talented, qualified candidates regardless of race, color, sex/gender including gender identity and/or expression, national origin, religion, sexual orientation, disability, marital status, citizen status, veteran status, or any other protected classification under federal, state or local law.

In addition, Horizontal will provide reasonable accommodations for qualified individuals with disabilities. If you need to request a reasonable accommodation in order to complete the application or interview process, please contact hr@horizontal.com.

All applicants applying must be legally authorized to work in the country of employment.
