Engineer, Digital Forensics and Incident Response (DFIR)

Information Technology; ROCHESTER, New York; ALLEN, Texas; Dallas - Fort Worth, Texas; Remote, Remote


Description

The Engineer, Digital Forensics and Incident Response (DFIR) will provide expertise in conducting digital forensics investigations and threat hunting, and will be the “tier 3” escalation point for Incident Response activities. The Engineer (DFIR) will work with a team of analysts and engineers focused on detecting and investigating cyber incidents in the Frontier corporate enterprise and telecommunications network.

Responsibilities:

  • Lead and conduct digital forensics on endpoints (workstations, servers, and mobile devices) to support internal investigations and Legal matters.
  • Perform eDiscovery tasks to support Legal requests.
  • Provide 3rd level incident response support.
  • Develop procedures to analyze user and asset activity.
  • Develop and execute proactive threat hunting use cases.
  • Work with the Cyber Security Operations Center to develop advanced playbooks.
  • Enhance Incident Response procedures.
  • Provide DFIR expertise to Physical Security, Human Resources, and Legal teams.
  • Produce high quality and thorough reports in support of Incident Handling and Forensics work.
  • Mentor junior team members and CSOC personnel.

Qualifications:

  • 5 years of experience conducting Digital Forensics and/or Incident Response in a large corporate setting
  • Demonstrated experience working with commercial forensics tools
  • Demonstrated experience working with SIEM and EUBA platforms
  • Strong experience in scripting (PowerShell, Python, etc.) and big data search language processing (Splunk, Elasticsearch, etc.)
  • Experience with Malware analysis
  • Experience with advanced Endpoint Detection & Response (EDR) platforms
  • Strong understanding of network-based attack activity and experience with firewall logs, IDS, and IPS
  • Effective at operating independently on highly confidential work
  • Strong communication skills, both verbal and written
  • BS in Computer Science, Information Security, or Equivalent experience
  • Holds one or more of the following security certifications: CISSP, GCFA, GCFE, GNFA, GCIH, CFCE, ENCE

Frontier Communications is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.