Digital Forensics Analyst

Position Description:

Be part of something exciting and rewarding and join our Security Operations (SecOps) Team in The Digital Forensics and Incident Response Team. Your role will focus on forensics, however, there is room to grow into incident response if you desire, and this will encompass the full spectrum of technical work including cyber research, forensics analysis, red team operations, malware reverse engineering and innovations.

SecOps is CGI's UK multi-disciplinary team of highly skilled cyber security experts with the primary objective to manage advanced cyber security threats to our clients. This role is ideal for a strong technical candidate who can work flexibly. The role can be based out of our Reading or Bridgend offices and will involve some percentage of remote work. This is a UK position and will include occasional international travel, but in general the amount of travel will be limited. The successful candidate must hold a minimum of SC and be clearable to DV.

Your future duties and responsibilities:

*Forensics - The person will be responsible for the collection of endpoint or network evidence with forensically sound procedures, document evidence handling with chain-of-custody procedures to analyse and determine the attack vector, establish a timeline of activity, and identify the extent of the compromise. The individual should be able to work effectively with minimal support from management and other regional Forensic analysts.

*Innovation - The person will work with the other members of the SecOps team to examine, develop and review IR methodologies, tools, systems or processes that may be used within CGI.

*Incident Response – Whilst this role is a Forensics based role, there is room to grow into incident response and work with our current incident response team to handle in-depth investigations of networks and hosts, determine attack vectors, establish a timeline of activity and to identify the extend of the compromise.

Required qualifications to be successful in this role:

• Digital Forensics
• Host analysis experience with Forensics/EDR tools (enCase, FireEye, CarbonBlack, RSA ECAT, Crowdstrike, Endgame)
• Minimum 3 years of working experience in digital forensics area, deep forensics knowledge in various operating system (e.g. Mac OS, Windows, etc.) and some experience in public cloud.

Required qualifications to be successful in this role
• Cyber Threat Hunting
• Static and/or Dynamic Malware analysis
• Reverse engineering
• Cyber research and Threat intelligence
• Cyber analysis with big data
• Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
• Strong understanding of Windows/Linux/Unix operating systems.
• a good understanding of Incident Response methodologies and tools
• Strong understanding of operating system and software vulnerabilities and exploitation techniques.
• SIEM Experience (e.g. Arcsight, Splunk, Logpoint)
• Network analysis experience with Network sensors (Fireye, Cisco, Fortinet, TrendMicro)
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilising threat intelligence sources
• Penetration testing experience
• Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines.
• Programming languages C/C++, Python, Ruby, Assembly, Bash, Powershell
• User investigations, Behavioural Analysis technology and or processes
• Incident Response Certifications (Various)

Other Desirables
• Degree in IT Security, Engineering or Technology related fields a major plus, or equivalent industry experience.
• Knowledge of malware packing, obfuscation, persistence, exfiltration techniques.
• Experience with tools: IDA Pro, radare2, OllyDbg, WinDBG.
• Experience using other big data analysis platforms and the development of advanced queries used to interrogate big data sources.
• Experience with Machine Learning & Artificial Intelligence
• Any formal certification in Digital Forensics Investigations (EnCE, CHFI, CFCE, ACE, GCFA, GCFE, SANS)

#INDCGI

#LI-JS2

#IND

Skills: