DFIR L2 | DIGITAL FORENSICS SYSTEM ANALYST | DIGITAL FORENSICS INCIDENT RESPONSE

14/01/2022

Roma

Job description

Techyon is the first Head Hunter which exclusively specializes in the search and selection of professionals and managers in the Information Technology field. Our Recruitment Engineers select the best IT profiles for prestigious IT consulting firms, banks, service companies, manufacturing groups, start-ups of excellence and digital DNA companies.

About the Company: for an innovative company, specialized in the IT Security field, our Recruitment Engineers are looking for a DFIR L2 (Digital Forensics System Analyst).

Core Responsibilities:

  • Travel to client locations when required.
  • Conduct local and remote live evidence extraction, dead evidence extraction and digital computer forensics investigations on Windows/Linux/macOS systems.
  • Conduct digital forensics investigations on mobile devices, both iOS and Android.
  • Triage malware species to decide when to conduct deep malware analysis.
  • Conduct simple malware analysis to extract IOC.
  • Elaborate own CTI from extracted IOC.
  • Obtain CTI from common repositories (E.g. MISP, OTX) to apply in current investigations.
  • Feed own CTI repositories (E.g. MISP, OTX) to apply in TH investigations.
  • Contribute to incident response life cycle.
  • Report conducted investigations to the DFIR leader.

Job requirements

Must Have
  • Solid foundation in networking protocols and network architecture.
  • Local and remote live evidence extraction from Windows/Linux/macOS systems.
  • Local evidence extraction from mobile devices, both iOS and Android.
  • Network live evidence extraction.
  • Disk cloning, both hardware and software.
  • Analyze Windows, Linux, macOS, forensic artifacts, both memory and file system.
  • Analyze mobile forensic artifacts, both iOS and Android.
  • Analyze network forensic artifacts, both traffic flow and network security devices logs.
  • Editing and creation of typical digital forensics tools enhancers (E.g. YARA rules, Sigma rules, KAPE targets and modules).
  • Automating forensic artifacts collection with scripting languages (E.g. PowerShell).
  • Malware analysis capabilities.
  • IOC creation and sharing (E.g. MISP, OTX).
  • Bachelor's or master's degree in computer science, telecommunication engineering, information technology, cyber security, or equivalent education/experience.
  • Fluent English (level B2).

Nice to have:

Certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), SANS FOR498 Battlefield Forensics & Data Acquisition (GBFA), SANS FOR500 Windows Forensic Analysis (GCFE), SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics (GCFA), SANS FOR509: Cloud Forensics & Incident Response, SANS FOR518: Mac and iOS Forensic Analysis and Incident Response (N/A certification), SANS FOR526: Advanced Memory Forensics & Threat Detection (N/A certification), SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (GNFA), SANS FOR578: Cyber Threat Intelligence (GCTI), SANS FOR585: Smartphone Forensic Analysis In-Depth (GASF), SANS FOR608: Enterprise-Class Incident Response & Threat Hunting, SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (GREM).

Other info

Availability for shift work and short business trips.

Location: Roma.
