Forensic Lead

3 days ago

Hyderabad, Telangana, India | Arete | Event Staffing Firm | Full time | ₹ 15,00,000 - ₹ 30,00,000 per year

SUMMARY

The Forensic Lead directs the India Tiger Team on active projects assigned to the respective team, conducting triage-level analysis of collected data (e.g., operating system files, disk images, SentinelOne telemetry, logs) and performing in-depth advanced forensic analysis. The Digital Forensics & Incident Response (DFIR) team collaborates to support clients and restore business operations during incidents by identifying threat actor behavior and activity.

ROLES & RESPONSIBILITIES

  • Performs digital forensic analysis on Windows, Apple Mac, and Linux-based operating systems, and analyzes networking appliances including VPN and firewall appliances
  • Documents forensic findings according to Arete Forensic Tracker standards and develops a master timeline and visual attack map of events
  • Identifies additional sources (systems, logs, etc.) for collection based on analysis and addresses gaps in the attack lifecycle
  • Collaborates with the Security Operations Center (SOC) to utilize data from monitoring and alerts provided by installed applications and deployed EDR solutions to identify Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs) relevant to the case
  • Handles complex and critical security incidents
  • Delivers forensic findings and updates to the team clearly and concisely through a narrative outlining event timeline, adjusting delivery to match the audience's technical capabilities
  • Tracks findings and captures data points to enrich threat intelligence and inform investigations
  • Raises technical constraints and issues within the Forensics team to pinpoint incident details and escalates them to Forensic leadership
  • Maintains current case analyst notes, the Forensic tracker, timeline, and attack map for team collaboration in our centralized case location
  • Reviews detailed updates on investigative findings, including the timing and method of initial intrusions, adversary actions, activity timelines/lateral movements, and indicators of data access or exfiltration
  • Identifies, documents, and shares critical IOCs or adversary TTPs uncovered with Incident Response, Threat Intel, and Security Operations teams
  • Communicates identified IOCs to the India Tiger Team to advance investigations, restore/respond, and strengthen the client's security posture
  • Utilizes incident-mapping frameworks like MITRE's ATT&CK and Lockheed Martin's Cyber Kill Chain to contextualize identified adversary actions/IOCs
  • Reviews written incident reports, investigative updates, and reports as directed by counsel partners
  • Communicates within the DFIR team and provides routine status updates using our case management platform
  • Collaborates with cross-functional teams to leverage threat intel TTPs/IOCs, SOC/Threat Hunting team information, and Negotiations team updates to enhance incident intelligence
  • Recognized as an internal expert and thought leader in their area of expertise, with broad experience across multiple job/specialty areas
  • Plays a primary role in coaching and mentoring junior team members
  • Reviews reports and appendices based on findings using standard report templates
  • Accurately tracks and records time for forensic analysis
  • May perform other duties as assigned by management

SKILLS AND KNOWLEDGE

  • Deep understanding of forensic artifacts, including analysis of operating system artifacts and recovery of deleted items from Windows, Linux, Mac, and RAM/memory forensics
  • Thorough experience analyzing network and operating system log files such as Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
  • Thorough knowledge of Windows disk and memory forensics, Unix or Linux disk and memory forensics, Network Security Monitoring (NSM), network traffic analysis, and log analysis
  • Proficiency with enterprise security controls
  • Mastery of delivering technical findings to non-technical audiences
  • Ability to provide findings confidently and factually
  • Thorough knowledge and experience handling PII, PHI, sensitive, confidential, and proprietary datasets
  • Comprehensive experience with Cyber insurance investigations

JOB REQUIREMENTS

  • Bachelor's degree in information security, computer science, digital forensics, or cyber security and 8+ years of incident response or digital forensics experience; or Master's degree and 6+ years of related experience; or Doctorate and 4+ years of related experience
  • Mastery of tools such as EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and other open-source forensic tools
  • Possess two or more of the following certifications: Security+, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required by personnel so classified.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete's salary and benefit policy.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

We're proud to be an equal opportunity employer and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

When you join Arete…

You'll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we're about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

About Us

Arete Incident Response is an elite team of the world's leading cybersecurity and digital forensics experts who combat today's sophisticated cyberattacks. We work tirelessly to provide unparalleled capabilities and solutions throughout the entire cyber incident life cycle. These include incident response readiness assessments and penetration tests as well as post-incident response, remediation, containment, and eradication services.

We work in close collaboration with industry leaders and government agencies, along with leading cybersecurity technology platforms, to deliver an innovative, intelligence-based approach to solving our clients' toughest challenges.

If you want to work with the most talented and experienced people in the industry, and you have the desire to be a cyber hunter and industry expert, we want you to be a part of our team.
