Principal Cyber Forensics Analyst
Novartis
- Czech Republic / Warszawa, Masovian Voivodeship
- Permanent
- Full-time
Your responsibilities include, but are not limited to:
- Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
- Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
- Provide technical summary of findings in accordance with established reporting procedures.
- Examine recovered data for information of relevance to the issue at hand.
- Perform file signature analysis.
- Perform file system forensic analysis.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Collaborate with stakeholders to define requirements and ensure the tools used align with the organization's needs.
- Support the design and implementation of processes to collect and analyze forensic evidence.
- Evaluate, select, and implement tools and technologies that aid in the analysis and correlation of incident data. This may include data analytics platforms, machine learning algorithms, and visualization tools.
- Develop scripts, workflows, and automation tools to streamline the collection, analysis, and dissemination of evidence.
- Collaborate with other functions to support the SOC's efforts.
- Stay updated with the latest trends and technologies in cyber forensics and continuously improve the infrastructure.
Requirements:
- 6 to 8 years of experience in a SOC, including 2 years performing forensics duties.
- Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
- Knowledge of data carving tools and techniques (e.g., Foremost).
- Knowledge of anti-forensics tactics, techniques, and procedures.
- Knowledge of concepts and practices of processing digital forensic data.
- Skill in preserving evidence integrity according to standard operating procedures or national standards.
- Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
- Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
- Skill in analyzing anomalous code as malicious or benign.
- Skill in analyzing volatile data.
- Skill in processing digital evidence, to include protecting and making legally sound copies of evidence.
- Ability to conduct forensic analyses in and for Windows, MacOS and Unix/Linux environments.
- Skill in identifying obfuscation techniques.
- Skill in interpreting the results of a debugger to ascertain tactics, techniques, and procedures.
- Skill in conducting bit-level analysis.
- Skill in analyzing memory dumps to extract information.
- Knowledge of reverse engineering concepts.
- Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro).
- Knowledge of binary analysis.
- Skill in deep analysis of captured malicious code (e.g., malware forensics).
- Skill in using binary analysis tools (e.g., hexedit and the command-line tools xxd and hexdump).
- Skill in analyzing malware.
- Strong understanding of network protocols, security technologies, and threat intelligence concepts.
- Proficiency in programming languages such as Python, scripting, and automation tools.