Sr. Staff - Forensics Analyst

Your Opportunity

The CSOC consists of 3 work streams; SOC (Security Operations Center), DFIR (Digital Forensics Incident Response) and Cyber Threat-Intelligence. DFIR is responsible for the identification, collection, correlation, analysis, and reporting of computer-related security events and incidents. This includes data collection and analysis from internal and external sources, to achieve the goal of reducing risk to the firm.

This individual works closely with a broad range of professionals at all levels within Schwab technology, internal and external legal, HR, and business representatives.  The position will conduct investigations for malware campaigns and social engineering.  The Sr. Staff - Forensics Analyst will receive and respond to escalations from the Security Event Center.  They will be expected to use Cyber intelligence to proactively seek out threats and protect the firm from harm.

What you are good at

• Liaison with Business Units, HR, Legal and/or external entities – Strong EnCase background
• Assist in development and maintenance of the DFIR functions
• Understand all phases of Incident Response and know which tasks occur at each phase: identification, containment remediation, recovery, after action reporting/lessons learned
• Participate in Malware campaigns and malware analysis. including Static, Dynamic and Reverse analyzing
• Complete technical forensics to include computer, memory, mobile and network forensics
• Threat hunting; run searches against the SIEM for data hits or malicious activity
• Identify type of attack and mitigating security reaction: denial of Service attacks (DNS, DDoS, Layer 7, etc.)
• Utilize Cyber Intelligence work product for threat hunting and gauging our security posture to further strengthen security controls or providing information regarding findings to cyber intelligence
• Develop indicators and cyber intelligence data to supply the Cyber Intelligence function with data for sharing, reporting and metrics
• Handle high level incident response investigations coming from the Security Event Center, such as targeted web application attacks, DDoS attacks, Malware analysis or persistent scanning or foot printing activities
• Ongoing networking, building intelligence networks
• Continuous learning to maintain competitive advantage in the security space
• Review of current tools and processes to find efficiencies or increased capabilities
• Conduct investigations for malware campaigns, social engineering campaigns, and data breach events
• Respond to escalated security events from the SOC in a timely manner.  This may include malware analysis, targeted attacks, social engineering campaigns, DDoS attacks and related activities with 24x7 coverage

What you have

• Served as Incident Response Handler
• Advanced malware analysis and response.  Dynamic, Static and reverse analysis
• Computer, Memory & Network Forensics knowledge
• Knowledge Chain of custody and proper evidence handling
• Advanced and current knowledge of malware families, campaigns and related threat groups
• Experience with networking environments including Windows networking, Cisco, Juniper
• Experience with Unix, Linux, Mac operating systems
• Experience with litigation support and e-discovery
• Support complex investigations into criminal activity, computer security incidents, policy violations, and compliance inquiries using forensic best practices
• Knowledge of social engineering campaigns, exploit kits, tactics and techniques used by threat groups.
• Assists in threat hunting operations with the CSOC
• Advanced knowledge of network security and DOS/DDoS attacks and mitigation.  Including DNS and Layer 7 attacks.
• Advanced knowledge of web attacks and response (Web Application Firewalls, Network Firewalls, etc)
• CISSP preferred
• Industry Certification Required (This may me application agnostic or Major Vendor Security Certification) Examples would be GCIH, GCFE, GCFA, CEH, ECIH, EnCE, CISM, CISA or other.
• Military education or experience may be considered in lieu of civilian requirements listed

“In addition to the salary range, this role is also eligible for bonus or incentive opportunities.”