Resp & Qualifications
The Lead Forensic Analyst is responsible for responding to security incidents which may present an imminent threat of compromise or loss of data. This position is also responsible for review and appropriate disposition of security investigations and working with various senior management groups, such as Executive Leadership, Legal, Risk, etc., to provide accurate and detailed information regarding forensic investigations. The incumbent will research security events to determine severity and perform incident triage as necessary, while engaging appropriate CSIRT members to resolve the security incident.
Leads efforts to perform post-mortem analysis of magnetic media, optical media, and volatile data (memory images) collected from compromised systems. Provides documentation related to forensic/malware examinations. Reverse engineers malware using dynamic and static analysis. Supports the development of custom tool signatures and correlation rules to enhance enterprise protections based on indicators discovered during the forensic analysis process. Identifies trends in incidents and malware and recommends enterprise protection measures based on incident trends. Researches new attacks and exploits. Writes and publishes cyber incident forensic/malware reports detailing findings and mitigation/remediation recommendations. Develops and documents malware and forensic analysis guidance, processes, and procedures. Contributes to the completion of milestones associated with specific projects. Provides solutions to a variety of complex technical problems. Plans and conducts assignments, generally involving the larger and more important projects or more than one project.
Perform all phases of the forensic examination of digital media, including on-site and off-site evidence acquisition/seizures, forensic analysis, and reporting, ensuring chain of custody is maintained and that applicable rules of evidence are adhered to.
Perform E-discovery related requests from Human Resources and/or in support of legal investigations.
PRINCIPAL ACCOUNTABILITIES: Under the direction of the Manager, CyberSecurity Monitoring and Response, the incumbent is responsible for, but is not limited to, the following:
Duties and Responsibilities
Years of experience: 3 years of demonstrated work experience. (Additional experience may be substituted for educational requirements.)
Specialized training (preferred, but not required): Malware analysis tools. Linux or Unix administration. Forensic analysis and Penetration Testing.
Other requirements (preferred, but not required): Forensic Analysis Certification
Required Education and Experience:
Degree or equivalent experience: BA/BS or higher in CyberSecurity, Information Technology, Networking, Computer Science, MIS or related field. (Enrollment in higher education will be taken into consideration.)
Required Skills and Abilities:
Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to effectively communicate with both technical and non-technical individuals. Incumbent must have a firm understanding of Information and/or Cyber Security principles. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.
Department: InfoSec- CyberSecurity Intelligence
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 10/09/2019
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on federal health care programs.
PHYSICAL DEMANDS: The physical demands described here are representative of those that must be met by an associate to perform the essential duties and responsibilities of the position successfully. Requirements may be modified to accommodate individuals with disabilities.
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights of up to 10 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship