
Engineer III, Digital Forensics & Incident Response

Additional Locations:

San Antonio, Texas

Omaha, Nebraska

Irving, Texas

Job Overview

PenFed is hiring a (Hybrid) Engineer III, Digital Forensics & Incident Response at our Tysons, Virginia; San Antonio, Texas; Irving, Texas or Omaha, Nebraska location. The purpose of this job is to perform the duties of PenFed ASIC’s DFIR and Forensics team leader. This position will manage security incidents, investigate security risks and/or incident response operations within the environment, and handle and respond to all security incidents that are detected by PenFed’s enterprise network. This role combines leadership, technical expertise, and strategic thinking.

Responsibilities

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.

  • Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
  • Lead, investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified.
  • Supervise the DFIR Incident Handler/Analyst Team.
  • Forensically analyze end user systems and servers found to have possible indicators of compromise.
  • Provide engineering and administrative functions for all tools in support of the DFIR mission.
  • Train and assist other analysts/engineers and provide guidance on best practices in forensics and incident response.
  • Complete complex analysis of artifacts collected during a security incident/forensic analysis.
  • Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools and partner organizations/technologies.
  • Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including obtaining access to systems, digital artifact collection, and containment and/or remediation actions.
  • Provide expert consultation and forensic analysis on security incidents.
  • Acquire, preserve, and analyze digital evidence following chain of custody and industry best practices.
  • Identify root causes, attack paths, and indicators of compromise.
  • Maintain, manage, improve and update the system forensics process and protocol documentation.
  • Regularly provide reporting and metrics on case work.
  • Provide SME level resolution of security incidents by identifying root causes and solutions through forensic analysis.
  • Analyze results in investigative matters and develop fact-based reports.
  • Develop and maintain incident response playbook, runbooks, and communication protocols.

*This role is responsible for ensuring business continuity.*

Qualifications

Equivalent combination of education and experience is considered.

  • Bachelor’s degree in information security / technology or related field, or equivalent combination of education & experience in information security in a large, highly regulated enterprise.
  • Minimum of eight (8) years of work experience in the Cyber Security field.
  • Minimum of three (3) years prior Forensics / Incident Response team lead experience.
  • Minimum of two (2) years prior security analysis experience is required.
  • Knowledge of security response operations, threat identification and forensic analysis software, equipment, and processes required.
  • Knowledge of EDR/XDR platforms and SIEM technologies.
  • Proficient technical level of digital forensic and security incident response required.
  • Capable of identifying vectors of threats and security incidents, able to remediate or coordinate remediation efforts of a security incident and develop documentation to support the security incident response process required.
  • Demonstrate integrity and judgment within a professional environment.
  • Ability to appropriately balance work/personal priorities.
  • Experience configuring and managing security systems.
  • Experience configuring and managing UTM devices.
  • Experience using Threat Intelligence Platforms for continuous monitoring.
  • Experience using vulnerability management/scanning tools and obtaining valuable output for senior management.
  • Strong host-based security experience. Ability to leverage host-based security systems to perform proper incident investigations and resolution.
  • Strong filesystem and malware behavioral knowledge. Experience building a forensics capability. Strong experience with forensics tools for incident response.
  • Knowledge of the Cyber threat landscape and APT groups.
  • Knowledge of the MITRE ATT&CK Framework and ability to identify incident types and attack lifecycle.
  • Knowledge of change management process and experience proposing and presenting changes to the enterprise infrastructure.

     

Supervisory Responsibility

This position will not supervise employees.

 

Licenses and Certifications

Must have at least two (2) certifications in the field of information security from a respectable security organization. Desirable certifications include, but are not limited to:
GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP or equivalent certifications.
 

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

 

Travel

Limited travel to various websites is required.

 


Benefits

At PenFed, we offer a robust benefits package designed to support you both personally and professionally. You’ll have access to comprehensive health, dental, and vision plans; paid time off; and family-friendly benefits like paid parental leave, care support, and fitness center access. Financial wellness is encouraged through features like a 401(k) match, employee loan discounts, and fully paid life and disability coverage. We also support growth via education assistance, community involvement, and volunteer opportunities.

About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2.9 million members and over $31 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam and Puerto Rico. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

Berkshire Hathaway HomeServices PenFed Realty, LLC is a full-service real estate company ready to assist our clients with buying, selling and renting a home.  The company is a wholly owned subsidiary of PenFed Credit Union and is the largest independently-owned brokerage in the Berkshire Hathaway HomeServices network, placing us in the top 1% of all real estate brokerages in the country.

With almost 60 offices and nearly 2,000 world-class sales professionals, we offer complete service coverage in Virginia, Maryland, the District of Columbia, Delaware, Pennsylvania, West Virginia, Florida, Tennessee, Kansas and Texas. In addition, we also offer specialized client services which include management of vacation properties and long-term rentals, corporate relocation services and national referral network.

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.
