Digital Forensics Engineer (Hybrid - Plano TX)

Remote Full-time
About the position

DXC Technology (NYSE: DXC) empowers global companies to operate their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private, and hybrid clouds. Many of the world’s largest companies and public sector organizations trust DXC to deliver exceptional service across the Enterprise Technology Stack, driving performance, competitiveness, and customer experience. Discover more about our commitment to excellence for customers and colleagues at DXC.com.

We are looking to hire a Digital Forensics Engineer who will provide incident handling and response as well as forensic analysis for cybersecurity investigations involving legal, security, compliance, and cybersecurity service offerings. This position requires U.S. Person status and the ability to obtain and maintain a security clearance.

Responsibilities
• This engineer will be the on-site forensics lab manager supporting the forensics lab network and environment.
• Responsible for device imaging, evidence handling, litigation and discovery collections and reporting.
• The engineer will investigate possible network and host-based intrusions to find the source and extent of the compromise.
• Analysis of Windows/UNIX/Mac systems to locate and analyze malicious files and systems.
• Reverse engineer malicious software using a disassembler and debugger.
• Perform host forensic and log file analysis.
• Lab infrastructure administration
• Set up, configure, and maintain complex security and access management solutions
• Set up, configure, and manage forensic network and evidence storage.
• Intake, process, and store evidence and maintain chain of custody.
• Build custom servers and systems based on case requirements
• Build, configure, and maintain pooled forensic workstations for analysis.
• Build, configure, and maintain compromise artifact databases and Intelligence repositories.
• Build, configure, and maintain Out of Band networks and communication systems
• Litigation and eDiscovery
• On-site collections and imaging
• Imaging of systems, laptops, desktops, mobile, USB, and network connected devices
• Encryption bypass: Check Point, BitLocker, McAfee, Symantec
• Custodian collections: remote users, Microsoft Compliance Center
• Legal Hold application for users, applications, shares, devices, etc.
• Building search models based on subpoenas, court filings, and attorney requirements
• Endpoint Detection and Response
• CrowdStrike & Microsoft Defender for Endpoint
• Deployment, Configuration, Tuning, Scripting, Monitoring
• Threat Analysis
• Advanced Persistent Threat (APT) Groups and Tactics, Techniques and Procedures (TTPs)
• Detection and Investigation
• Network and Host protocols and services
• File systems, Services, Uses, Log analysis
• Malware Analysis, Remote access tools, Ransomware
• Lateral movement, Data exfiltration
• Digital Forensic & Incident Response
• Ascertain the evidentiary value of computers, network devices, and other data systems.
• Imaging of physical and virtual devices
• Imaging and collection of cloud systems
• Analysis of systems and Proprietary REAPS
• Advanced Persistent Threat (APT) Groups and Tactics, Techniques and Procedures (TTPs)
• Detection and Investigation
• Network and Host protocols and services
• File systems, Services, Uses, Log analysis
• Malware Analysis, Remote access tools, Ransomware
• Lateral movement, Data exfiltration

Requirements
• U.S. Person status and the ability to obtain and maintain a security clearance
• Fundamentals of computer networking (routing, firewalls, VPNs, etc.)
• Principles of computer forensics: evidence handling, chain of custody, and incident response.
• Performance of procedural forensic analysis including data gathering, imaging, investigation, report writing and briefing.
• Knowledge of a wide variety of network and security devices and architecture.
• In-depth knowledge of breach detection, containment, eradication, and recovery.
• In-depth knowledge of Windows/UNIX operating systems.
• BS in a Computer Forensic Discipline or 2 years working in computer security and 3 years working in a computer forensic / incident response position.
• Must be able to work alone or with a team in high stress situations.
• Must be able to perform critical problem solving.
• Must be able to perform network investigations in the areas of malware remediation, intrusions, or vulnerability assessments.
• Limited 24x7 and availability for domestic travel.
• Must have good speaking / presentation skills.
• Must be a self-starter with the ability to work with little or no supervision.
• Must be a U.S. Person with the ability to obtain and maintain a security clearance
• Expertise using EnCase, FTK Forensic, AXIOM, X-Ways, IDA/Ghidra, Wireshark, Volatility 3, Microsoft Purview/DLP

Nice-to-haves
• Work experience in law enforcement or computer investigations is preferred.
