Friday, February 26, 2016

Incident Response and Forensics Manager

Project Location: Seattle, WA, 98101
Service Line or Internal Department Name: ITS Security
Project Name: ITS Security
Desired Start Date:
Projected End Date: 8/31/2016 – Likely to extend and/or go FTE

Skill Family: Security Skill Family
Role Level: Security Operations Specialist – Manager, Incident Response and Forensics
Seeking an experienced, detail-oriented, and motivated Incident Response and Forensics Manager to monitor and oversee elements of the Information Security program and activities of Client, protecting the confidentiality, integrity, and availability of Client's and its Customers' assets.
Key Responsibilities:
Assist in maintaining the security and health status of Client's systems by supporting the following tasks:
  • Investigate network intrusions and other cyber security breaches to determine the cause and extent of the breach
  • Thoroughly investigate instances of malicious code to determine attack vector and payload
  • Participate in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cyber security and preparedness
  • Contribute to training development and lead sessions, individualized if needed, for security and response staff, to ensure appropriate development of skills and continued innovation
  • When applicable, research and recommend hardware and software needed for Incident Response, including business case development if needed
  • Develop policies and procedures to analyze information security response events, including malware
  • Participate in special forensic projects as required, including collection and preservation of electronic evidence
  • Preserve and analyze data from electronic data sources, including laptop computers, servers, and mobile devices
  • Produce high quality oral and written work product, presenting complex technical matters clearly and concisely
Necessary Skills and Knowledge
  • Strong knowledge of Microsoft technologies
  • In-depth knowledge of Windows Server logging and components, IIS, PowerShell and related application and/or database products and technologies
  • Strong knowledge of cloud technologies (IaaS, SaaS, PaaS, Public, Private, Hybrid) and instrumentation methods to address limitations in cloud visibility
  • Depth of understanding in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, and web-focused security topics.
  • Knowledgeable about modern security-related subjects and trends, for example Advanced Persistent Threat (APT), rootkits, spear phishing, Pass-the-Hash (PtH) and other credential compromise techniques
  • Proficiency with forensic techniques and the most commonly used IR toolsets, such as PsTools, Volatility, EnCase, and FTK Suite
  • Strong understanding of common attacks (Software, Network, and People) and ability to apply defensive tactics to defend against them, as well as prevention for future attacks based on new technology being developed.
  • Familiarity with common security monitoring technologies, including Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM) systems, anti-virus log collection systems, etc., for purposes of comprehensive log analysis
  • Solid understanding of various attack methods, ranging from DDoS to exploits and malware
  • Ability to analyze data to identify trends and weaknesses and develop programs to address them
  • Collaboration: leverage others (people, groups, services) to achieve maximum results, and use collaboration tools effectively to support the process
  • Familiarity with working with law enforcement authorities
  • Experience leading collaborative post-mortem and root cause analysis efforts and creating/implementing their remediation plans
  • Ability to work with teams both on shore and off shore, using remote collaboration technologies
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
  • Highly motivated and organized with excellent time management and problem solving skills
  • Demonstrated ability to write business and technical reports and participate in presentations
  • Industry experience in high-tech preferred
  • Minimum: Bachelor's Degree in Information Technology or related field
  • A minimum of 5-7 years of experience in Information Security
  • CISSP preferred but not required; CFE, CPP or SANS certifications are desirable

Kiran Raj Biswal
Contract Recruiter

Direct: 804-885-0884
Hangout: kiranraj.biswal1