Digital Forensic & Investigator

If you are interested in applying, please send an e-mail stating the position you are interested in, with your resume attached, to hr.recruiting@ktbcs.co.th

Responsibilities

  • Lead end-to-end incident response investigations with Accenture’s customers
  • Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
  • Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
  • Conduct threat hunting across customers' networks using indicators of compromise, searching for evidence of a compromise
  • Conduct incident response within various Cloud platforms
  • Identify attacker tools, tactics, and procedures to develop indicators of compromise
  • Develop and implement remediation plans in conjunction with incident response
  • Form and articulate expert opinions based on findings and analysis
  • Produce comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
  • Effectively communicate and interface with customers, both technically and strategically, from the executive level to customer stakeholders and legal counsel
  • Support leadership in properly scoping engagements with innovative methodical approaches, based on customer requirements
  • Lead engagement delivery from kickoff through remediation, either on premises or remote, depending on customer requirements
  • On-site customer travel will be required for this position, up to 50%

Qualifications

  • Bachelor's or Master's degree in computer science, engineering, information science, or a related technical discipline
  • At least 5 years of related experience in cybersecurity or computer network defense
  • Expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite
  • Deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Experience with IDA Pro, OllyDbg, and other disassemblers/debuggers
  • Thorough understanding of cyber security operations, security monitoring, and EDR and SIEM tools, including Endgame, Falcon, and Splunk
  • Detailed knowledge of Windows & Unix based operating systems and administrative tools
  • Windows disk and memory forensics
  • Unix or Linux disk and memory forensics
  • Static and dynamic malware analysis
  • Network traffic and protocol analysis utilizing tools such as Wireshark
  • Applied knowledge of security controls such as authentication and identity management, security-enhanced network architectures, and application-based controls (including Windows, Unix, and network equipment)
  • Excellent time management, writing and communication skills
  • Strong analytic, qualitative, and quantitative reasoning skills