
Soteria LLC Digital Forensics & Incident Response (DFIR) Consultant, Detection and Response Team (DART) in Charleston, South Carolina

At Soteria, our DFIR Consultants work within our DART and alongside our clients to recover from incidents as quickly and effectively as possible. We are the steady hand that guides our clients when they are having their worst day.  In this role, you will be the forensics expert for Soteria during an incident, primarily handling the collection, preservation, and analysis of forensic data and evidence. When not investigating active incidents, your time will be split between building internal documentation and SOPs, assisting junior personnel, and aiding other teams within the DART to grow our MDR and IR services. 

Our DFIR Consultants live for the thrill of the fight, staying on top of the rapidly changing landscape of attacker TTPs, vulnerabilities and exploits, and the latest tools and methods to stop the bad guys. As a DFIR Consultant, you will be a highly technical force to be reckoned with for our DART and our clients, ensuring that our investigations are thorough and efficient from both a technology and a process standpoint. You will navigate through each case with a contagiously positive and uplifting attitude. As a small team, you will be relied upon to be there whenever the call comes in. You recognize that our work's volatile and unpredictable nature means you will often be called upon after hours and on weekends. You will be a vital component of the Soteria brand, representing what it means to be a Soterian to our team, clients, and partners.

Responsibilities

As a Digital Forensics and Incident Response Consultant, your responsibilities include:

  • Triaging, collecting, and analyzing forensically valuable data from the available sources to determine the scope and severity of security incidents.  You understand what forensically relevant information to collect for each case and are comfortable doing so manually or with a tool. You are familiar with one or more forensic suites and common forensic tools, but you are always open to learning new methods and tools.

  • Intaking and scoping DFIR matters by asking appropriate qualifying questions, listening thoroughly and empathetically, and responding to initial answers with the appropriate follow-up to determine the volume of work necessary for the case. You understand how every case is different and are familiar with navigating the nuances of each scoping call.

  • Actively managing forensic efforts for and participating in multiple Digital Forensics and Incident Response matters simultaneously, such as ransomware, BEC, insider threat, and HR investigations. You are familiar with the DFIR space as a service provider. You understand the typical flow of these investigations, as well as the sensitivity and expertise required to be successful in this space, and you are an expert at tailoring each engagement to the client’s needs.

  • Providing clients with advice and guidance as they navigate the incident response and recovery process. You are comfortable providing customized recommendations as the situation calls for it. You understand the specific business needs of each client and patiently work within their timeline, goals, and budget.

  • Leveraging a communication style that is characterized by empathy and clarity. Whether you're articulating complex technical decisions in writing or engaging in real-time brainstorming, you convey nuanced ideas with precision. In times of disagreement, you approach differing perspectives thoughtfully and are willing to find compromises.

  • Documenting and presenting findings and recommendations to clients in a professional manner. You are an excellent communicator, both verbally and in written form. You pride yourself in clear and thorough reporting with excellent attention to detail.

  • Maintaining high availability and respect for the urgency and responsiveness necessary for this industry. You recognize that the bad guys rarely strike 9-5 M-F and are willing to answer the call and help those in need regardless of this. 

  • Maintaining competence in security trends, technologies, and practices through self-study and attendance of industry events. You are a lifelong learner who truly loves the information security world. You actively seek out information on threats and trends and openly share it with the team.

  • Taking part in the creation, development, and introduction of modern forensic techniques and solutions. You regularly work with Soteria’s managed detection and response team to improve detection capabilities. Your fervor for growth and improvement at all levels is contagious, and you constantly train and mentor consultants and analysts to build the company's overall capacity and capability.

  • Thriving on teamwork and championing the power of collaboration. Working together to achieve shared goals is your mantra, and you actively engage in cross-functional cooperation. You are committed to personal and professional growth and are passionate about supporting your colleagues in their own development.

    Technologies and Platforms we use:

  • EDR Tools
      • LimaCharlie
      • Windows Defender
      • Carbon Black
      • SentinelOne
      • Cisco AMP
      • CrowdStrike Falcon

  • Forensic Suites
      • Axiom
      • X-Ways
      • Velociraptor

  • ELK/OpenSearch

    Education and Experience Requirements:  

  • 2+ years of experience in a technical and consultative digital forensics and incident response role.

  • Professional certifications such as GCFA, EnCE, GCFR, GREM, IACIS, CFCE.

  • Strong leadership and crisis management skills, with a focus on teamwork and creating a trusting and transparent atmosphere in both internal and client-facing environments.

  • Familiarity with forensically valuable artifacts available on Windows, Linux, Unix, and MacOS operating systems.

  • Fundamental knowledge of networking concepts, protocols, and architecture.

  • Professional experience with dead disk forensics tools such as Axiom, FTK, etc.

  • Professional experience with SIEM tools as it relates to searching and extracting relevant data for DFIR investigations.

  • Programming/Scripting experience as needed to facilitate investigations and remediation efforts.

  • Outstanding written and verbal communication skills, focusing on empathy and patience with clients who may be combative or experiencing extreme stress.

  • Exceptional ability to communicate details of findings to both technical and non-technical clients, specifically including executive leadership and legal counsel.

  • Must be able to deliver detailed and high-quality written reports at the conclusion of every client engagement.

  • Willingness to participate in an on-call rotation that includes work as necessary outside of business hours.

  • Experience with malware analysis and reverse engineering is a plus.

  • Experience with cloud technologies, including AWS, Azure/M365, and GCP/GSuite, is a plus.

  • Experience working with Breach Coaches as well as data mining and Breach Notification firms is a significant plus.

  • Fluency in Spanish is a significant plus.


    We recognize that the best ideas and solutions come from teams built with a variety of backgrounds. These teams reflect a variety of personal and professional experiences. If you are excited about this position and believe your experience and passion can bring a positive impact to Soteria's DART, please don’t hesitate to apply today.


    Soteria has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills, and abilities. Additional functions and requirements may be assigned by managers as deemed appropriate. This document does not represent a contract of employment, and the Company reserves the right to change this position description and/or assign tasks for the employee to perform, as the Company may deem appropriate. 
