Associate Director of Forensics DDIT ISC

Your key responsibilities:

• Digital Forensics and Incident Response:
  • Support specific IT forensic investigations and operations, including: The extraction of data and electronic evidence from information technology in a way that ensures that the data is seized in compliance with computer forensic standards and in compliance with chain of custody guidelines; The subsequent analysis of this electronic evidence where allowed and relevant.
  • Work with Group Legal department on forensic litigation support by providing expert advice, performing acquisition and discovery work, and writing summary reports
  • Actively participate in incident response team and efforts; perform evidence collection and root cause analysis of compromised devices
  • Create forensic images of electronic media and devices; including but not limited to servers, laptops, mobile phones, and portable storage devices
  • Continually keep current with emerging IT forensics trends, technologies and software.
  • Conduct investigations into security alerts and coordinate root cause analysis of IT Security incidents
• Technologies and Automation:
  • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations that support forensic activities
  • Research and test new technologies and platforms; develop recommendations and improvement plans
  • Provide mentoring and coaching of other CSOC team members

• Day to Day
  • Manage the development of tools, policies and processes to support the digital forensic program
  • Develop metrics and KPI reports for management, including gap identification and recommendations for improvement
  • Recommend or develop new forensic tools and techniques

What you’ll bring to the role:

• 4+ years of experience in Digital Forensics
• Experience with digital forensics related to medical/manufacturing devices
• Host and network based forensic collection and analysis
• Experienced IT administration with broad and in-depth technical, analytical and conceptual skills
• Excellent understanding and knowledge of general IT infrastructure technology and  systems
• Good knowledge of IT Security Project Management, with proven experience to initiate and manage projects that will affect CSOC services and technologies
• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
• Proficient with Encase, Responder, X-Ways, Volatility, FTK, Axiom, Splunk, Wireshark, and other forensic tools
• Research, enrichment, and searching of indicators of compromise
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on incident response topics
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
• Good mediation and facilitation skills
• Very strong team and interpersonal skills along with the ability to work independently and achieve individual goals; ability to coordinate with other team members to achieve the specified objectives.