The Digital Forensics and Investigations Analyst acts as a point for information gathering and clearing in support of internal investigations and information gathering requests. The analyst will document the investigative process within those data stores, automate data collection for investigations, and collaborate with a range of internal work areas alongside other team members.
· The analyst will work to perform security investigations, provide forensic services to support the team, assist in the maintenance of forensic and investigative plans and procedures, and participate in security incidents, investigations, and digital forensic inquiries.
· The analyst will interface directly with systems embedded within the IT architecture of EY (i.e., parsing log data and correlating electronically stored information from multiple systems). The candidate must be competent to work at a high technical level in IT environments, be capable of identifying threat vectors and relevant information within log data/artefacts, and be able to effectively document their forensic and investigative actions and communicate findings and follow-up actions to a range of stakeholders.
· The analyst is also responsible for identifying opportunities to improve work flow, enhance information security practices, and expedite data retrieval and analysis for proactive and reactive investigations.
Main responsibilities are:
· Provide support and on occasion lead security investigations when required
· Advise and assist internal requestors on the relevance of information derived from internal and external sources associated with information security matters, digital forensic inquiries and investigative work
· Identify and propose areas for improvement in information security documentation as required
· Interview individuals, distill conversations into notes and create a summary of each interview.
Analytical/Decision Making Responsibilities:
· Help analyse findings in investigative matters, and develop fact-based technical reports detailing events over specified periods of time
· Demonstrated integrity and judgment within a professional environment
· Ability to appropriately balance work/personal priorities
· Flexibility to adjust to multiple demands, shifting priorities, ambiguity and rapid change
· Global mind-set for working with different cultures and backgrounds
· Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
· Ability to work in time-sensitive and stressful situations with ease and professionalism
· Possess an efficient and versatile communication style
· Knowledge of existing and emerging legal issues within information security environments (i.e., data privacy)
· An Information Security background or knowledge to speak intelligently to both technical and non-technical teams and understand the variation of risks posed to the firm in different situations
· Good verbal and written communication skills
· Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or a related field.
· 3+ years of experience in one or more of the following:
· Understanding of electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensic handling of electronic data, and knowledge of computer security investigative processes.
· Highly desirable to have performed duties either in a law enforcement investigatory unit or an internal corporate high-tech investigations unit
· Understand and have experience with EnCase, FTK, Nuix, Axiom or other forensic tools
· Have a basic understanding of the legalities surrounding discovery and analysis of electronically stored information.
· Experience with programming languages such as Perl, Python, Java, JavaScript, C, C++, C#, ASP, .NET, Unix/Linux and Splunk highly desirable.
· Candidates must hold or be actively pursuing related professional certifications such as CISSP, Security+, EnCE, ACE, GCFE, GCIA