Digital Forensic Examiner and Incident Responder

Digital Forensic Examiner and Incident Responder page is loaded## Digital Forensic Examiner and Incident Responderremote type:
Remote locations:
Irvine, CA, United States of America time type:
Full time posted on:
Posted Yesterday job requisition :
R-113825
** Accelerate your career. Join the organization that's driving the world's technology and shape the future.
** Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to business-to-business technology experts. Our market reach, diverse solutions and services portfolio, and digital platform Ingram Micro Xvantage set us apart.

Learn more atCome join our team where you’ll make technology happen in surprising ways. Let’s shape tomorrow - it’ll be a fun journey!

The Principal Digital Investigator will work within the Security Incident Response Team (SIRT) to assess, analyze and respond to serious information security events and incidents in a global company.  This position requires relevant digital forensic certifications such as the EnCase Certified Examiner (EnCE), Magnet Axiom Certified Forensic Examiner, Cellebrite Certified Mobile Examiner, and others.  The position also requires significant experience in securing physical and digital evidence and performing forensic examinations.  

This position will work with other information security teams as well as Information Systems teams to stop security events in progress, investigate all aspects of an event, and produce written reports.

** Your role:
*** Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
* Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and the SIEM to determine source of compromises and malicious activity that occurred.
* Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
* Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
* Participate with Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
* Maintaining proper chain of custody of evidence and associated documentation
* Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.
** What you bring to the role:
*** Bachelor’s degree in computer science, Engineering, Science, Math or Cyber Security related field is required.

* Work Experience:

Minimum 8 - 10 years functional experience including a minimum of 5+ years directly related to this role in incident response and digital forensics.
* 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase or AXIOM tools.

Preference given for experience conducting MacOS examinations.
* 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
* 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
* Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
* Experience with cloud services.
* Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
* Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
* Deep understanding of internals and constructs of modern operating systems. (Windows/MacOS/Linux/Unix)
* Experience with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic…