This role is open to.
Required Background and Experience:
- Identify, analyse, and present evidential data from workstation-orientated systems, including but not limited to systems installed with Microsoft Windows; and
- Such candidates will have experience in investigating specific facets or workstreams of various incident scenarios/investigations as part of a broader DFIR/investigative team; and
- The selected candidate will have accumulated some form of generalist or broad knowledge in computing and networking, together with at least a generalist understanding of information security technologies, techniques, and processes; and
- The ability to participate unsupervised on incidents/investigations from commencement to cessation.
Knowledge of one or more of the following Digital Forensics and Incident Response (DFIR) backgrounds will be advantageous, though not required:
- Knowledge of operating system artefacts, file systems, and inner workings of the following:
  - Microsoft Windows; and/or
  - Apple macOS; and/or
  - Linux/Unix distributions (distros) with particular focus on RedHat.
- Cloud and/or containerization technologies (i.e. Docker and Kubernetes) within an enterprise environment.
Desirable Qualifications and Skills:
- Bachelor’s degree in a Computer Science, Computer Engineering, Information Security or Cyber/Digital Forensics related discipline; and/or
- Digital Forensics and Incident Response Certification (i.e. EnCE or related SANS certification, such as GCFA); and/or
- Cloud related qualification or certification, such as CompTIA Cloud+, or any other related qualification in respect of Microsoft Azure or Amazon Web Services (AWS); and/or
- Linux Qualification or Certification, such as Red Hat Certified System Administrator (RHCSA); and/or
- Scripting experience within Windows or Linux environments.
What you will do:
No two days are the same for the Cyber Threat Defence (CTD) team, and this is especially true for Digital Forensics (DF). Anyone working within the Digital Forensics team can expect the following:
- Utilising your Digital Forensics and Incident Response skills to participate in incidents or investigations.
- Discovering unfamiliar technology or data in the midst of an incident or investigation and assessing its relevance to the issues at hand, i.e. stored information, auditing capability, evidential value etc.
- Leveraging your ability to communicate, either in writing or verbally, in a clear, concise and inclusive manner to technical and non-technical audiences with colleagues, peers and stakeholders.
- Embracing new or upcoming technologies, and assessing how they could apply or improve upon the way in which the team responds to incidents or investigations.
- Working alongside a global team with colleagues in the USA, Europe, and Asia-Pacific Region, whilst placing emphasis on collaboration and the sharing of ideas or methodologies.
- Willingness to undertake and share responsibilities through participation in an on-call schedule.