Security Engineer (DFIR Lab)

Overview:

Manage and maintain the DFIR Lab’s infrastructure, hardware, software, process and documentation. 

Responsibilities:

• Maintain and manage the team’s DFIR Lab’s hardware and software systems, ensuring availability and performance for the team engagements
• Keep the team’s DFIR Lab’s asset inventory up to date and contribute to the process of license renewals, purchases and budgeting
• Deploy, configure and maintain forensic and incident response tools like EnCase, Magnet Axiom, FTK, Cellebrite, THOR, Velociraptor, KAPE, IDA Pro, etc.
• Configure and optimize forensics workstations and laptops, war laptops, servers and storage systems
• Ensure the team’s DFIR Lab adheres to security, privacy and data integrity standards
• Implement access controls, logging, audit trails and monitoring solutions to secure the lab environment
• Evaluate and contribute to the testing and recommendation of new tools and technologies to enhance the Lab’s capabilities
• Develop and maintain scripts or automation tools to streamline workflows and improve efficiency
• Contribute to process documentation and continuous service improvement activities
• Create and update SOPs for lab operations
• Document forensic processes, lab configurations and tool usage guidelines
• Collaboration with customers to deploy hardware and software for assessments and incident response engagements
• Execute lab tasks in support of cyber incident response engagements
• Proficiency with Digital Forensics & Incident Response tools (Cellebrite, THOR, Velociraptor, KAPE, IDA Pro, Security Onion, FTK Imager, Magnet Axiom, EnCase and others)
• Good understanding of Incident Response and Digital Forensics tools deployment and functionalities such as EDR, NDR, forensic artifact collectors, intrusion detection, security monitoring, log management
• Experience with digital forensics software and equipment such as write blockers, specialized cables and wires in a technical environment, forensics workstations, forensics laptops, adapters and connectors
• Experience with (or at least knowledge of) evidence management and data acquisition in a lab in terms of supporting incident response and digital forensics
• Good Experience with Linux system structure, commands, functions and tools
• Good Experience with networking devices: switches, routers and firewalls
• Understanding of storage devices such as NAS
• Good Experience with virtualization using VMWare ESXi (Nutanix and other virtualization software knowledge would be a plus)
• Knowledge of building baseline system configurations for servers and workstations
• Good Experience and familiarity with server and desktop operating systems for Windows, Linux/Unix and Mac
• Experience in managing cloud-based environments

Qualifications:

Skills/ Certifications: -

Desired certifications in a minimum of one discipline: Incident Response, Digital Forensics, Cloud Computing, Linux/Windows Administration, Penetration Testing, Security Engineering such as CCE, CHFI, GCFE, INE Security, Microsoft/Azure/VMware/RedHat certification

Minimum Work Experience : -