Incident Response Lead - 1372561
JPN

Responsibilities

  • Lead the most sophisticated forensic analyses handled by the firm.
  • Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
  • Provide expert testimony in trials, depositions, and other proceedings.
  • Supervise other Digital Forensics and Incident Response staff, including coordinating teams of professionals, assuring stellar work product, and assisting with performance reviews and mentorship of cybersecurity professionals.
  • Ensure that client matters are staffed adequately and efficiently and that deadlines are met.
  • Form and articulate expert opinions based on analysis.
  • Draft and conduct peer review of expert reports, affidavits, and other experienced testimony.


Essential Requirements

  • 8+ years of sustained hands-on excellence in the Incident Response industry, along with some digital forensic experience. 2+ years of Incident Response lead experience.
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic, demand-based environment, requiring flexibility and responsiveness to client matters and needs.
  • Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
  • Proficiency with industry-standard forensic toolsets (i.e. X-Ways, EnCase, Axiom/IEF, Cellebrite/UFED, and FTK).
  • Ability to conduct malware analysis in support of incident response engagements.
  • Proficiency with database querying and analysis.
  • Knowledge of scripting/programming languages to assist in automating some IR processes.
  • Knowledge of memory analysis techniques, including the use of Volatility (Python), Rekall (Python), or other tools.
  • Experience with conducting log analysis of various types of logs, including Windows Event Logs, Apache, IIS, and firewall logs.
  • Experience with command line tools (grep, sed, awk, PowerShell), Python, and other programming languages.
  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure (Microsoft).
  • Confidence, humility, and a commitment to learning and teaching others in a collaborative environment of forward-thinking cybersecurity leaders.
  • Must be able to work collaboratively across departments and physical locations.
  • Comfort with intermittent periods of travel, evening and weekend hours.
  • Exceptional work ethic; high level of professionalism and adherence to ethical standards.
  • Strong written and oral communication skills, plus attention to detail.
  • Fluency in spoken and written English and Japanese essential.
  • A high level of professionalism in all areas of performance.
  • One or more relevant industry certifications relating to Incident Response: SANS GCFA or GCIH, CREST CPIA or CRIA, or equivalent.


Preferred Requirements

  • Bachelor’s Degree in Computer Science, Information Security, Engineering, Digital Forensics or other relevant subjects.
  • Interest in building intellectual capital for the firm by writing blogs, submitting to CFPs, and crafting internal tools for analysis.
  • Familiarity with mobile device operating systems including iOS and Android.
  • Knowledge of computer networking technologies.
  • Proficiency with C++, C#, Python, or SQL; Assembler languages are a plus.
  • Prior experience with or knowledge of penetration testing/hacking techniques such as SQLi (most common), XSS, RFI/LFI, and directory traversal (HTTP), and tools such as Nessus (free, open source), Nmap (these two are common ones), Kali Linux, Burp Suite, SQLMap, etc. (penetration software).
  • Participation in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cybersecurity and preparedness.
  • A constantly developed DFIR skill set, and proficiency with industry standard tools and practices, through outside training and research.

