Cyber DFIR (Digital Forensics & Incident Response) Engineer

Atlanta, Georgia

Mindlance
Job Expired - Click here to search for similar jobs

Advance your career with Mindlance. We have been connecting talented IT professionals with world-class companies since 1999. Mindlance is here to help you to find the perfect fit with just the right company. Currently, we are seeking a Cyber DFIR (Digital Forensics & Incident Response) Engineer for an exciting career growth opportunity.


Make your next big career move with the kind of position that will allow you to be genuinely passionate about the work you do. Our recruiters will work closely with you to help you get the edge over the competition. Let Mindlance advocate for you - apply today.


"Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans."


Job Title: Cyber DFIR (Digital Forensics & Incident Response) Engineer

Job Category: Fulltime

Industry: Banking

Job Location: Zebulon, NC/Atlanta, GA (5 days Onsite)

Zip Code: 30303/27597

Top 3/5 Skills: Incident Response, Digital Forensics, Cloud, Cybersecurity, DFIR


Min & Max Salary: $130K/Annually - $150K/Annually


Description:

Business Initiative/Purpose:

Cyber Incident Response.

Bachelor's Degree:

Preferred.


Role Responsibilities:

The Cyber DFIR (Digital Forensics & Incident Response) Engineer on the advanced 24/7 Cyber Incident Response Team (CIRT) is responsible for effectively responding to cyber incidents within any technology environment leveraging digital evidence and forensic analysis techniques.

As DFIR professionals, individuals in this role demonstrate proficiency in log, code, cloud, identity, network, endpoint, memory, malware, and root cause analysis. The position will directly perform, facilitate, or consult on the entire cyber incident response.


Cyber DFIR Engineers must be able to operate and provide technical direction in structured and unstructured situations. This role will routinely set up and lead incident response calls and collaborate across various IT/Cyber functions.



Must Have Skills/Prior Experiences:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or related field, or relevant education, certification, or related training.

Five years of experience in Cybersecurity or related work

Knowledge of one or more cloud platforms and cloud security

Knowledge of general information technology (IT) and cybersecurity

Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of network traffic analysis and packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

Knowledge of operating systems, including Windows/Unix ports and services.

Knowledge of modern identity and access management concepts

Knowledge of phishing tactics and techniques

Knowledge of advanced cyber threats and vulnerabilities.

Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

Knowledge of adversarial tactics, techniques, and procedures

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.

Knowledge of incident response and handling methodologies.

Knowledge of countermeasures to address a variety of threats

Knowledge of leveraging automation, ML, and/or AI

Knowledge of advanced threat-hunting techniques

Knowledge of types of digital forensics data and how to recognize them.

Knowledge of types and collection of persistent data.

Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.

Knowledge of processes for seizing and preserving digital evidence.


Plus/Nice to Have Skills/Prior Experiences:

Experience working in cloud environments, namely Microsoft Azure and Amazon AWS.

Industry certifications in general technology (e.g. Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)

Industry certifications in cyber security, such as: Security+, CySA+, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), GIAC Cloud Forensics Responder (GCFR), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Reverse Engineering Malware Certification (GREM), etc.

Experience in Cyber Breach Response, Security Operations Center (SOC), Network Operations Center (NOC), IT/Cyber Engineering, or Intelligence Community (IC).

Date Posted: 25 May 2025