Forensic Engineer

Location: Chantilly, Virginia
Posted: Mar 24, 2017
Closes: May 05, 2017
Ref: 4679
Function: Engineer
Industry: Engineering
Hours: Full Time

Summary

PenFed is hiring a Forensic Engineer in Chantilly, VA. This role is charged with leading the digital forensics program at PenFed, and working closely with the Threat Intelligence program to discover tactics, techniques and procedures utilized by adversaries attempting to attack PenFed.  Using discovered Tools, Tactics, and Protocols, the incumbent will hunt for malicious patterns, software, and attackers across the PenFed network, and, upon discovery, work as the primary forensic incident responder to create comprehensive reports of malicious activity.

Essential Functions

• Lead IT Security forensic investigator for computer security, legal and human resources incidents at PenFed.
• Mentor other Incident Response Team and Forensic employees in incident response and forensic skills.
• Lead the Incident Response Team and be primary technical incident handler in large incidents.
• Responsible for proper handling of evidence in accordance with chain of custody practices including coordination with internal investigators and law enforcement.
• Maintain any evidence collected by PenFed, and serve as an expert witness should any criminal prosecutions require it.
• Provide forensic and operational support for incident response activities.
• Investigate possible intrusions, develop indicators of compromise (IoCs) based on forensic investigation, and add those IoCs to the security automation platform through YARA and/or Snort rules.
• Research and develop new forensic methodologies and tools.
• Build and integrate findings into a Threat Intelligence workflow and process.
• Lead hunting activities.
• Research and recommend Digital Forensics and Incident Response products for purchase.
• Provide support and escalation for daily monitoring activities.
• Create procedures and processes for integrating Digital Forensics into currently existing Incident Response Processes.
• Work with project and development teams of new business solutions to define and include incident response related requirements.
• Responsible engineer for forensic tools such as EnCase, including installing, maintaining, administering and customizing.
• Administer forensic workstation(s).

Education and Experience

Equivalent combination of education and experience is considered.

• Bachelor’s Degree in information technology or related field required.
• Minimum of ten (10) years of experience in IT Security is required.
• Minimum of five (5) years of experience in forensics investigations is required.
• Windows forensics experience required.
• Complete knowledge of the digital evidence lifecycle from seizure to disposal required.
• Extensive knowledge of Windows Operating System and a working knowledge of Active Directory Management required.
• EnScript or Python experience required.
• Understanding of network protocols and packet capture preferred.
• Linux, Mac, iPhone forensics experience preferred.
• Linux administrative experience is preferred.
• Malware Analysis skills preferred.
• Compiled language experience preferred.
• YARA, Snort or other signature writing experience preferred.

Supervisory Responsibility

• This position will mentor employees and lead a small team (3-5 people).

Licenses and Certifications

• EnCase Experience and/or EnCase Certified Examiner (ENCE) or GIAC Certified Forensic Examiner (GCFE) certification is preferred.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

Travel

Limited travel to various worksites is required.

 

Physical Demand

 

While performing the duties of this job, the employee is required to meet the following physical demands:

Physical Demand                                                | None | Seldom | Occasionally | Frequently
Reading                                                        |      |        |              | x
Writing                                                        |      |        |              | x
Sitting                                                        |      |        |              | x
Standing                                                       |      |        | x            |
Walking                                                        |      |        | x            |
Bending, Stretching or Reaching                                |      |        | x            |
Driving                                                        |      |        | x            |
Talking on the phone, person-to-person & in group              |      |        |              | x
Hearing on the phone, person-to-person & in group              |      |        |              | x
Vision for near, mid-range, far, peripheral, depth and color   |      |        |              | x
Use of computer                                                |      |        |              | x
Use of telephone                                               |      |        |              | x
Use of office equipment                                        |      |        |              | x
Pushing/pulling/lifting/carrying from 5 to 50 lbs.             |      | x      |              |

About Us

Founded in 1935, and still growing, we began as the War Department Federal Credit Union.  Today, PenFed is one of the country’s strongest and most stable financial institutions with over 1.5 million members and over $21 billion in assets.  We serve members in all 50 states and the District of Columbia, as well as on military bases in Guam, Puerto Rico and Okinawa. 

Our mission isn’t simply to help our members get by. We exist to help them realize every ounce of their potential. We exist to educate, and to encourage. We exist to usher their dreams into the land of reality.

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

PenFed is an Equal Opportunity Employer

PenFed will maintain and observe personnel policies which will prohibit discrimination or harassment against a person because of race, color, creed, age, sex, gender, religion, national origin, ancestry, genetic information, military or veteran status or obligation, the presence of a physical and/or mental disability and all other statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment.  PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 703-838-1568.