Senior Forensic Engineer - Trace3 Irvine, CA, United States

Listing Description

Our Senior Forensic Engineers perform a variety of highly technical analyses and procedures dealing with the collection, processing, preservation, analysis and presentation of computer-related evidence. You will spend time recovering information from computers and data storage devices, conducting analysis on your findings, and providing reporting on your analysis and recommendations. This position will use forensic tools and investigative methods to find specific electronic data including use history, documents, images, logs, and other files key for the investigation of system compromises, intellectual property theft, and personnel issues.

This is an opportunity for an individual who is an experienced forensicator and wants to take an active role in establishing a new digital forensics program. Your involvement in our team’s efforts will be wide and broad, with an impact felt throughout the organization. You enjoy being part of a new team and creating everything from the ground up, implementing the tools and processes that our team will use to find the badness or the materials needed by our customers.

What You’ll Bring to Trace3:

• Minimum 6 years related experience in designing, building and running forensic programs for cases involving intellectual property theft, human resources (HR) issues, compromised systems, and malware investigations.

• Demonstrated experience in the field of digital media forensics. Well-versed in chain of custody, media imaging, digital forensic processes and procedures for common media and systems; with the willingness and drive to constantly improve these procedures.

• Experience with and proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems.

• Understanding of computer file and operating systems (UNIX, Windows, Mac OS, Linux), hardware (desktop, laptop, server), file systems (NTFS, FAT, HFS/HFS+, EXT2/3), email data formats (EDB, PST, NSF, MBOX, EMLX, EML, MSG, etc.), file metadata, electronic documents, databases (SQL, Oracle, etc.) and document management systems (Documentum, SharePoint, etc.) as they relate to forensic data acquisition and analysis.

• Proficiency in data collections from cloud and web services for eDiscovery and forensic acquisitions (e.g. Social Media, Gmail, Hotmail, Dropbox, Amazon, iCloud etc.).

• Proficiency in data collections from email archiving appliances.

• In-depth experience with file system forensics.

• In-depth experience with email analysis, signature and hash analysis, timeline analysis, registry analysis, and Internet history analysis.

• Demonstrated experience with forensics tools such as EnCase, Forensic Toolkit (FTK), Xways, Nuix, Paraben, and other common toolsets in the forensics profession.

• Understanding of steganography and encryption detection and analysis

• Knowledgeable about and able to apply open-source and proprietary information within the industry.

• Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical experience. Ability to interact with customers and co-workers both in person and in writing.

• Ability to research highly technical topics and derive logical conclusions using well thought out processes.

• Ability to combine information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risks.

• Must be able to quickly parse out "the big picture" from copious amounts of information, yet dwell on the minutiae whenever necessary.

• Possess and nurture a hacker mentality: Being able to visualize issues and possible solutions outside the box.

• A willingness and desire to learn.

• Must be a conscientious, punctual, professional and devoted member of our team; with the ability to safeguard sensitive, restricted, and other information deemed to have special handling and dissemination protocols.

• Highest level of ethics and core values. This role and our team demand excellent character and discretion in handling sensitive and critical information, as well as the ability to pass financial and criminal background checks.

• Effective when working under pressure and good enough to make sure that rarely happens.

• Ability to travel within the continental United States up to 30 percent of the time for company and client meetings, conferences, and engagements.

• Bachelor's degree, a combination of experience and/or Associate's degree, or an equivalent combination of education and work experience. The degree must be from an accredited institution; a degree in a technical discipline or significant coursework in software development, information security, forensic sciences, and/or information technology is preferred.

• At least five (6) years in Information Technology and/or Information Security, including at least three (5) years doing information security risk management, including intrusion analysis, monitoring and detection, threat/vulnerability analysis, digital forensics.

Preferred Skills:

• In-depth, practical knowledge of how legitimate users administer, use, and secure common operating systems and cloud platforms, and how malicious actors exploit them.

• In-depth knowledge of how legitimate users administer, use, and secure common consumer and enterprise network devices and systems, and how malicious actors exploit them.

• Understanding of information security architecture, mitigation of threats, compensating controls, and the Cyber Kill Chain.

• Thorough understanding of computer networking, routing, and protocols.

• Thorough understanding of malware analysis, and reverse engineering.

• Experience in legal proceedings and providing testimony.

• Experience with various scripting and programming languages such as Python, Perl, Java, PowerShell, etc., with a focus on forensic tool and script development.

• Having or planning to have certifications in digital forensics is a plus. Such vendor-agnostic certifications would include the:

o Certified Forensic Computer Examiner (CFCE)

o ISFCE Certified Computer Examiner (CCE)

o ISC(2) Certified Cyber Forensics Professional (CCFP)

o SANS Global Information Assurance Certification Forensic Examiner (GCFE)

o SANS Global Information Assurance Certification Forensic Analyst (GCFA)

o SANS GIAC Advanced Smartphone Forensics (GASF)

o or vendor-specific certifications such as the:

▪ EnCase® Certified eDiscovery Practitioner (EnCEP®)

▪ EnCase® Certified Examiner (EnCE®)

▪ Certified Forensic Security Responder (CFSR)

▪ or training/certifications by other digital forensics/eDiscovery vendors.

The Perks:

• Work with a team of experienced information security professionals who are published authors, requested speakers at conferences, and are active in the information security and hacker communities – who help each other learn and grow personally and professionally.

• Competitive Compensation

• Comprehensive medical, dental and vision plans for you and your dependents

• 401(k) retirement plan, 529 college savings plan, life insurance, and AD&D

• Training and development programs

• Stocked kitchen with snacks and beverages

• Collaborative and cool office culture

• Work-life balance, where we don’t encourage fun and relaxation time; we actually require it

• Unlimited vacation to relax, restore and refresh

This position is a regular, full-time opportunity with Trace3 in Irvine, CA. Alternative locations would include Denver, Colorado; Phoenix, Arizona; or San Diego, CA with occasional remote work opportunities.

• Perform digital forensics and eDiscovery services including forensic digital evidence collection and preservation, forensic analysis, data recovery, electronic mail and file extraction, and database examinations. Extract evidence from computers, phones, tablets, cameras, thumb-drives, and just about any other form of digital media.

• Conduct analysis on findings, pulling together indicators of compromise (IoCs), event timeline, and summary of situation with recommendations for mitigation and path forward.

• Present evidence and findings to leadership, customers, and possibly law enforcement and legal entities.

• Take an active role in developing and deploying sound and well-documented digital forensics-related products and services, provide ongoing support, and implement improvements that advance the effectiveness and efficiency of our digital forensics efforts. Develop user guides to standardize practices across the organization and increase efficiency.

• Develop, test, deploy, update, and patch computers, forensic software and forensic equipment (such as writeblocks and standalone data acquisition devices (imagers)); as well as various types of network equipment, such as switches, routers, and monitoring devices needed for our operations.

• Provide support to assemble, configure, modify, test, maintain, and prepare computer, digital forensics, and network equipment to support the continual operational use of digital forensics investigations.

• Sanitize, prepare, and label digital media for use, in line with our standards.

• Manage projects from start to finish detailing to clients the importance of each step, providing proper guidance. Report project progress as required, both internally and externally.


Listing Details

  • Citizenship: No Requirements
  • Incentives: Not Provided

 

  • Education: Specialized Training
  • Travel: Travel 25
  • Telework: Optional Telecommute


