Sr Cyber Defensive Forensics Investigator

Location: OWINGS MILLS, MD, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 221998
Date Posted: Nov 8, 2019

Job Description
Perform, under the guidance of the Manager, Cyber Defense Forensics Team, forensic data gathering and analysis in support of investigation, incident response, and eDiscovery activities. Coordinate activities with the Incident Monitoring and Incident Response Teams as necessary. Identify, collect, examine, and preserve evidence using controlled and documented analytical and investigative techniques.

- Under the guidance of the Manager, Cyber Defense Forensics Team: perform digital forensic analysis in conjunction with Security, Legal / Ethics, HR, and other investigation drivers. This includes, but is not limited to, analysis of hard drives, mobile devices, cloud platforms, and Operational Technologies. Provide a technical summary of findings in accordance with established reporting procedures. Ensure chain of custody is followed for all digital media acquired, in accordance with the Federal Rules of Evidence. Examine recovered data for relevant information. Provide criminal investigative support to trial counsel during the judicial process.

- Under the guidance of the Manager, Cyber Defense Forensics Team: perform digital forensic exploration of various media types through the application of advanced methods, tools, and research techniques. Create a forensically sound duplicate of the evidence (i.e. forensic image) that ensures the original evidence is not modified, to use for data recovery and analysis. Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.

- Identify and report on data usage and methodology

- Perform cross-media analytical correlation

- Conduct deep-dive analysis of malicious software packages across a variety of target systems

- Create written products based on analysis of data

- Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, encryption, and network security

- Assist in identifying, investigating, and analyzing computer network intrusions

Provide relevant Exelon departments with digital forensic data to support eDiscovery, investigation, and incident response activities for all Exelon-managed assets. Identify, collect, examine, and preserve evidence using controlled and documented analytical and investigative techniques.
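The forensically sound duplication and verification responsibility described above, as an added example that is not part of the posting or of Exelon's tooling: the source is opened strictly read-only, streamed to an image while being hashed, the finished image is independently re-hashed from disk, and both digests go into a chain-of-custody record that can be re-checked later. The evidence file, examiner name and case ID are constructed for the demo; a hardware write-blocker on physical media is assumed and is outside what this script can provide.

```python
"""Forensically sound duplication of a file or block device with hash verification.

Added example, not the employer's procedure. Software alone cannot guarantee
the original is untouched on physical media; a hardware write-blocker is still
assumed for that. What this shows is the verification and custody-record side.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat on multi-TB sources


def hash_file(path: str, algo: str = "sha256") -> str:
    """Hex digest of a file, streamed in chunks, opened read-only only."""
    h = hashlib.new(algo)
    with os.fdopen(os.open(path, os.O_RDONLY), "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source: str, image: str, examiner: str, case_id: str) -> dict:
    """Bit-for-bit copy of `source` to `image`, hashed as read, then verified.

    The source hash is computed from exactly the bytes written, so it records
    what was read during acquisition. The image is then re-hashed from disk;
    a mismatch means the copy is unreliable and must be re-acquired.
    """
    src_hash = hashlib.sha256()
    size = 0
    with os.fdopen(os.open(source, os.O_RDONLY), "rb") as src, \
            open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(chunk)
            dst.write(chunk)
            size += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the bytes are on disk before hashing
    image_hash = hash_file(image)
    record = {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source": source,
        "image": image,
        "bytes": size,
        "source_sha256": src_hash.hexdigest(),
        "image_sha256": image_hash,
        "verified": src_hash.hexdigest() == image_hash,
    }
    with open(image + ".custody.json", "w") as log:  # custody entry travels with the image
        json.dump(record, log, indent=2)
    return record


def verify_image(image: str, expected_sha256: str) -> bool:
    """Re-hash an image later (before analysis, or for court) and compare."""
    return hash_file(image) == expected_sha256


def demo() -> dict:
    """Acquire a constructed evidence file, then show that tampering is detected."""
    work = tempfile.mkdtemp()
    evidence = os.path.join(work, "evidence.bin")
    image = os.path.join(work, "evidence.dd")
    with open(evidence, "wb") as f:  # constructed sample, deterministic content
        f.write(bytes(range(256)) * (3 * CHUNK // 256) + b"tail")
    record = acquire(evidence, image, examiner="J. Doe", case_id="CASE-0001")
    intact = verify_image(image, record["source_sha256"])
    with open(image, "r+b") as f:  # simulate one byte altered after acquisition
        f.seek(CHUNK)
        original = f.read(1)
        f.seek(CHUNK)
        f.write(bytes([original[0] ^ 0xFF]))
    tampered = verify_image(image, record["source_sha256"])
    return {"verified": record["verified"],
            "intact_before": intact,
            "intact_after": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For a block device the same code applies with `source` set to the device node (for example `/dev/sdb`), since `os.open(..., os.O_RDONLY)` and chunked reads work on raw devices as well as regular files; the custody JSON is the artifact handed to Legal alongside the image.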
- Bachelor’s Degree in Computer Science or a related 4-year technical degree with 5 to 8 years of experience in IT or cyber security, or equivalent combination of education and work experience.
- 5+ years of experience in one or more of: computer evidence seizure; forensic analysis and data recovery; intrusion analysis and incident response; network protocols; network devices; multiple operating systems; IT systems support; secure architectures; and malware analysis
- Excellent written and verbal communication skills for a diverse audience (executive, Legal, HR, Security, etc.)
- Precise attention to detail
- Knowledge of forensic artifacts from various operating systems. Understanding of typical corporate network infrastructure and experience navigating it
- Knowledge of concepts and practices of processing digital forensic data
- Knowledge of incident response and handling methodologies
- Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody)
- Knowledge of investigative implications of hardware, operating systems, and network technologies
- Knowledge of legal governance related to admissibility (e.g., Federal Rules of Evidence)
- Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or other destruction of data
- Knowledge of volatile data types and collection methods
- Knowledge of cloud data collection, analysis tools, and related techniques
- Comprehensive knowledge of common networking protocols: HTTPS, DNS, DHCP, SMTP, NTP, SSH, SFTP
- Knowledge of cybersecurity principles and organizational requirements relevant to confidentiality, integrity, and availability, and the stages of incident response
- Knowledge of new and emerging cyber security technologies
- Knowledge of the social dynamics of computer attackers in a global context

- Fluency with general cyber security concepts: intelligence-driven detection, CIA model, threat lifecycle management, incident response kill chain, NSM, IR, DFIR
- Cyber Defense Operations process design and management, including examples of successful collaborations and independent contributions
- GCFA, GCFE, GCIH, GREM, or similar certifications
- Ability to demonstrate analytical skills, technical knowledge, and the practical application of cyber security principles to business leaders and technical staff
- Demonstrated knowledge of cyber defense policies, procedures, and regulations