A strong multi-tasker with a keen eye for detail, a successful Cyber Security Forensic Analyst can put themselves in the mindsets of criminals. They are well organized and thrive in fast-paced, high-stress scenarios. In addition to these general skills and personality traits, ZeroDay Partners is seeking Forensic Analyst candidates with the following skills to be considered for incoming opportunities:
Potential Responsibilities: The following is a list of skills that the ideal candidate will have experience in. Depending on the specific role within the team, the responsibilities may vary from the list below.
- Conduct analysis of log files, evidence, and other information to determine best methods for identifying evidence.
- Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
- Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CDs, PDAs, mobile phones, GPS, and all tape formats.
- Provide technical summary of findings in accordance with established reporting procedures.
- Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
- Examine recovered data for information of relevance to the issue at hand.
- Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment.
- Perform file signature analysis.
- Perform hash comparison against established database.
- Perform real-time forensic analysis.
- Perform timeline analysis.
- Perform static media analysis.
- Perform tier 1, 2, or 3 malware analysis.
- Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures).
- Recognize and accurately report forensic artifacts indicative of a particular operating system.
- Extract data using data carving techniques (e.g., Forensic Toolkit [FTK], SIFT, EnCase).
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
- Utilize deployable forensics toolkit to support operations as necessary.
- Perform Windows registry analysis.
- Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.
- Write and publish recommendations, reports, and white papers on incident findings to appropriate constituencies as necessary.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of encryption algorithms.
- Knowledge of Windows and Linux operating systems.
- Knowledge of server and client operating systems.
- Knowledge of server diagnostic tools and fault identification techniques.
- Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
- Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
- Knowledge of anti-forensics tactics, techniques, and procedures.
- Completion of a Bachelor’s degree or equivalent program in Cyber Security, Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience).
- 1+ years of experience as a cyber security analyst or related role.
- Certifications preferred but not required.
Chicago, IL and neighboring cities; nationwide positions coming soon.