Job Description
Knowledge
- In-depth knowledge of current targeted threat intrusion scenarios and capable of reproducing them in a lab environment
- Targeted Threat Intrusions are a complex issue, requiring a logical, intelligence-driven human response to counter them
- Good understanding of the implications of Data Privacy legislation
- Good understanding of forensic and incident response methodology and tooling
- Good understanding of IT Security to protect and monitor the enterprise
- Good knowledge of local, state and federal laws and statutes dealing with seizure, personal data, Electronic Communications Privacy Act (ECPA), Privacy Protection Act (PPA), disclosure and confidentiality, NIST Guidelines, Sarbanes-Oxley (SOX), HIPAA, and federal guidelines for searching and seizing computers and electronic data.
- Regional guidelines such as the EU Data Protection Directive, AUS-Privacy Act 1988, New Zealand-Privacy Act 1993.
Background
- 8-10 years' experience in a full-time forensic and incident response position in diverse and complex commercial or government environments
- Demonstrated experience of leading teams of investigators on diverse and complex investigations
- Demonstrated capability in handling large-scale investigations involving Targeted Threat Actors
- Demonstrated presentation skills, able to articulate and present to a wide audience from technical to the board room
- Demonstrated experience of maintaining and developing Digital Forensic Investigations capabilities
- Demonstrated experience of contributing to IT Security projects
- Demonstrated experience of SOC, Digital Forensic and Incident Response operations.
- No felony warrants or convictions and a clean criminal record
- Preferred background in local, state or federal law enforcement or intelligence. Security clearance is a plus
Required
- Must have a deep and current understanding of the tools, techniques and tactics of Targeted Threat Actors and remain up to date with current and future trends
- Mentor and/or identify training for personnel
- Ability and willingness to be involved with the APT security research community to maintain knowledge and garner intelligence
- Possesses a unique blend of experience, vision, technical, and intrapersonal skills that are required for such a position
- Excellent team and case management skills
- Excellent reporting (written and verbal) skills - Client (to C Level) and internal
- Experience with legal and court procedures, working with attorneys and providing technical implementation of data gathering in response to eDiscovery requests.
- Evidence handling and Chain of Custody
- Onsite Job. Newark
Education:
- MSc degree in a field with emphasis on computer security and investigations, desirable
- BSc or higher in Computer Forensics; or
- BSc in a relevant digital investigation/security subject; or
- BSc qualification and relevant IR/Forensic post degree qualifications; and
- Post degree qualification in IR/Forensics (e.g. SANS); and
- Demonstration of a continuing ability to self-teach
- CISSP, GCIH, GIAC, GCFE, GREM SANS Certifications, EnCE, ACE (multiple are preferred)
Tools
Demonstrated Proficiencies
- EnCase
- FTK
- Axiom
- X-Ways
- Carbon Black
- CrowdStrike
Workload
- 70% of time will be spent investigating Targeted Threat Intrusions (billable to client), collaborating with senior staff, and mentoring junior staff on current cases. Most work is done remotely, but must be willing to travel if necessary.
- 30% Research and administration
Posting ID: 611343120
Posted: 2021-03-16
Job Title: Response Consultant