Digital Forensics & Incident Response Associate Manager

Company: Accenture
Location: Chantilly, VA, USA
Salary: $93,700 – $184,500
Type: Full-Time
Degrees:
Experience Level: Mid Level, Senior

Requirements

  • US Citizenship required.
  • 3-5 years of experience in information security or an equivalent combination of education and work experience.
  • 3+ years of experience in performing digital forensics on both physical and cloud systems.
  • 2+ years of experience in event and log analysis with tools such as Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data Loss Prevention tools, and Security Information and Event Management (SIEM) solutions.
  • 1+ years of experience in investigating, containing, eradicating, and preventing security compromises, including implementing or requesting IP/domain/URL blocks, file hash blocks, email purges, software removal, and device reimaging.
  • 1+ years of experience in collecting, processing, reviewing, and producing Electronically Stored Information (ESI) for legal teams.
  • Exceptional written and oral communication skills, attention to detail, and interpersonal skills.
  • Experience in presenting complex technical information to decision-makers and guiding them through the decision-making process.

Responsibilities

  • Ingest and properly handle evidence, analyze it, and perform investigations.
  • Collaborate with operations teams and management to resolve security issues.
  • Perform malware analysis and provide recommendations to strengthen security.
  • Maintain thorough, current knowledge of the incident response lifecycle, digital forensics, evidence handling, common cyber-attacks, and federal incident reporting requirements, and communicate findings clearly.

Preferred Qualifications

  • Familiarity with various network and host-based security applications and tools, including network and host assessment/scanning tools, intrusion detection systems, and other security software.
  • Experience with TCP/IP, common application layer protocols, and packet analysis.
  • Experience in performing static and dynamic malware analysis.
  • Knowledge of indicators of attack and compromise.
  • Understanding of detection design and engineering concepts to fine-tune detections.
  • Familiarity with Windows/Linux architecture and endpoint analysis.
  • Proficiency in basic data parsing and analysis tools such as Excel, grep, sed, awk, regex, etc.
  • Understanding of evidence preservation and chain of custody.
  • Familiarity with the Electronic Discovery Reference Model (EDRM) for ESI discovery, preservation, and production.
  • SANS GIAC certifications (e.g., GCED, GCLD, GCIH, GCFA, GREM).
  • Expertise in Digital Forensics, Network Forensics, Memory Forensics, Malware Analysis.
  • Proficiency in eDiscovery and forensic software (Nuix, Microsoft Purview eDiscovery, EnCase, Cellebrite, Sumuri, FTK).
  • Scripting skills (PowerShell, Bash, Python).
  • Experience with Microsoft security tooling such as Sentinel (SIEM) and Defender.