Senior Forensics Analyst
ABM Industries, Atlanta, GA, United States
Overview
ABM is currently seeking a highly motivated and experienced Senior Forensics Analyst. The Senior Forensics Analyst is a senior technical member of the information security team responsible for leading forensic examinations through collection, processing, analysis and preservation of digital data. This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues.
The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise. This role provides strategic guidance on forensic processes, mentors junior analysts, and communicates complex technical findings to executive leadership, legal counsel and law enforcement when applicable.
The ideal candidate is deeply technical, possesses strong business acumen, and understands how technology is involved in day-to-day operations. The Senior Forensics Analyst demonstrates a track record of leading complex investigations and driving continuous improvement within the forensic and incident response program.
ABM offers a comprehensive benefits package. For information about ABM's benefits, visit:
Recruiting Flyer - Staff & Mgmt (https://media.abm.com/wp-content/uploads/AnnualBenefitFlyers/Recruiting%20Flyer%20-%20Staff%20&%20Mgmt.pdf)
Responsibilities
Specific job duties or deliverables that the position requires which will also measure performance:
Lead and conduct forensic examinations including collection, preservation, processing and analysis of digital data and systems across the enterprise
Serve as the primary subject matter expert for forensic investigations, providing technical direction to incident responders and SOC analysts during escalated security events
Mentor and develop junior forensic analysts, providing guidance on examination techniques, tool usage and professional development
Document comprehensive case notes and communicate analysis findings from initial investigation through closure and post-mortem to technical and non-technical stakeholders
Maintain strict evidence handling procedures including collection, storage, preservation and chain of custody in accordance with legal and regulatory requirements
Conduct investigations across end-user hosts, servers, network infrastructure, mobile devices, peripherals, cloud environments and application systems
Perform advanced malware analysis, reverse engineering and examination of obfuscated code to support threat identification and containment
Develop and refine operational response processes and forensic playbooks for the security operations program
Analyse penetration test reports and threat intelligence to inform forensic readiness and detection capabilities
Effectively communicate findings, strategy and recommendations to stakeholders including technical staff, executive leadership and legal counsel
Recognize and safely utilize attacker tools, tactics and procedures to support discovery, analysis and incident containment
Develop and maintain relationships with engineering, IT, incident response, SOC, software engineering and cross-functional business teams
Analyse systems and data sources for accidental, malicious and unauthorized activities, providing actionable results to management and technical teams
Maintain and improve the forensic lab environment, evaluating new solutions and retaining proficiency with existing tools and methodologies
Participate in and lead briefings from internal forensics as well as from hired consultants, presented to technical and business leadership
Communicate with legal, external firms and law enforcement under management direction when investigations require external coordination
Identify program strengths and weaknesses, recommending improvements to forensic capabilities, skills development and knowledge base
Research emerging cybersecurity threats and forensic techniques to maintain a proactive security posture
Support security initiatives through both predictive and reactive analysis
Perform other duties as assigned
Qualifications
Education:
Bachelor's degree preferred in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.
Experience:
7+ years of combined experience in cybersecurity, incident response and security operations, with a minimum of 4 years in a dedicated digital forensics role
Demonstrated expertise with forensic tools including, but not limited to, AccessData Forensic Toolkit (FTK), Magnet Axiom, EnCase, X-Ways, REMnux and SIFT
Proven ability to perform malware analysis, reverse engineering and examination of obfuscated code
Strong understanding of attacker tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework
Experience with log and data aggregation systems (SIEM platforms such as Microsoft Sentinel, Splunk or similar)
Proficient scripting ability with one or more languages including Python, PowerShell, JavaScript and Bash
Clear understanding of evidence preservation, chain of custody and legal requirements for digital evidence
Strong understanding of the NIST Cybersecurity Framework and associated controls
Administration experience with network and host configurations, endpoint detection and response (EDR), application security, encryption and cloud services
Advanced understanding of TCP, UDP, HTTP, IP and other network protocols
Strong verbal and written communication skills with the ability to explain complex technical topics to business leaders
Excellent judgment and the ability to make quick decisions when working with complex situations
Demonstrated ability to lead investigations and mentor junior team members
Self-starter who can work efficiently both independently and with teams
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism
Certifications:
One or more of the following required: GCFE, GCFA, GREM, GCIH, EnCE or CISSP
Education:
Master's degree in information assurance, Cybersecurity, Computer Science, Digital Forensics or a related technical field.
Experience:
10+ years of combined experience in cybersecurity, incident response, security operations and digital forensics
Holistic experience across Computer Network Defense, Cryptography, Identity Management, Information Assurance, Malware Analysis and Infrastructure Design
Experience leading forensic investigations in hybrid and multi-cloud environments (Azure, AWS, GCP)
Experience identifying, investigating and responding to complex attacks including advanced persistent threats (APTs)
Demonstrated experience developing forensic processes, playbooks and program maturity initiatives
Experience with vulnerability management platforms (Tenable, Rapid7, Qualys)
Ability to utilize and develop scripts that interact with APIs, automate forensic workflows and assist with alert response
Experience working with legal teams, external counsel and law enforcement on digital investigations
Prior experience mentoring or managing a team of forensic analysts
Other:
Holistic experience in Computer Network Defense, Cryptography, Identity Management, Information Assurance, Information Systems/Network Security, Malware Analysis, and Infrastructure Design
Extensive experience with core vulnerability management scanners (e.g. Tenable, Rapid7, Qualys etc.)
Understanding of alert triaging, vulnerability detection and response, and data integrity
Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
Advanced understanding of TCP, UDP, HTTP, IP, and other network protocols
Ability to utilize and write scripts that interact with APIs, automate tasks, and assist with alert response
Knowledge of data center network components
Critical thinking and efficient communicator (i.e written and verbal)
Experience identifying, investigating, and responding to complex attacks in hybrid-environments
Certifications:
Two or more of the following preferred: GCFE, GCFA, GREM, GCIH, EnCE, CISSP, CISM, CRISC, CISA, CFCE, CCE
Enter a description of the working environment and travel requirements (if any) below:
Remote
REQNUMBER: 146248
ABM is proud to be an Equal Opportunity Employer qualified applicants without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran or any other protected factor under federal, state, or local law. ABM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a disability and need assistance in completing the employment application, please call 888-328-8606. We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis.
ABM is currently seeking a highly motivated and experienced Senior Forensics Analyst. The Senior Forensics Analyst is a senior technical member of the information security team responsible for leading forensic examinations through collection, processing, analysis and preservation of digital data. This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues.
The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise. This role provides strategic guidance on forensic processes, mentors junior analysts, and communicates complex technical findings to executive leadership, legal counsel and law enforcement when applicable.
The ideal candidate is deeply technical, possesses strong business acumen, and understands how technology is involved in day-to-day operations. The Senior Forensics Analyst demonstrates a track record of leading complex investigations and driving continuous improvement within the forensic and incident response program.
ABM offers a comprehensive benefits package. For information about ABM's benefits, visit:
Recruiting Flyer - Staff & Mgmt (https://media.abm.com/wp-content/uploads/AnnualBenefitFlyers/Recruiting%20Flyer%20-%20Staff%20&%20Mgmt.pdf)
Responsibilities
Specific job duties or deliverables that the position requires which will also measure performance:
Lead and conduct forensic examinations including collection, preservation, processing and analysis of digital data and systems across the enterprise
Serve as the primary subject matter expert for forensic investigations, providing technical direction to incident responders and SOC analysts during escalated security events
Mentor and develop junior forensic analysts, providing guidance on examination techniques, tool usage and professional development
Document comprehensive case notes and communicate analysis findings from initial investigation through closure and post-mortem to technical and non-technical stakeholders
Maintain strict evidence handling procedures including collection, storage, preservation and chain of custody in accordance with legal and regulatory requirements
Conduct investigations across end-user hosts, servers, network infrastructure, mobile devices, peripherals, cloud environments and application systems
Perform advanced malware analysis, reverse engineering and examination of obfuscated code to support threat identification and containment
Develop and refine operational response processes and forensic playbooks for the security operations program
Analyse penetration test reports and threat intelligence to inform forensic readiness and detection capabilities
Effectively communicate findings, strategy and recommendations to stakeholders including technical staff, executive leadership and legal counsel
Recognize and safely utilize attacker tools, tactics and procedures to support discovery, analysis and incident containment
Develop and maintain relationships with engineering, IT, incident response, SOC, software engineering and cross-functional business teams
Analyse systems and data sources for accidental, malicious and unauthorized activities, providing actionable results to management and technical teams
Maintain and improve the forensic lab environment, evaluating new solutions and retaining proficiency with existing tools and methodologies
Participate in and lead briefings from internal forensics as well as from hired consultants, presented to technical and business leadership
Communicate with legal, external firms and law enforcement under management direction when investigations require external coordination
Identify program strengths and weaknesses, recommending improvements to forensic capabilities, skills development and knowledge base
Research emerging cybersecurity threats and forensic techniques to maintain a proactive security posture
Support security initiatives through both predictive and reactive analysis
Perform other duties as assigned
Qualifications
Education:
Bachelor's degree preferred in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.
Experience:
7+ years of combined experience in cybersecurity, incident response and security operations, with a minimum of 4 years in a dedicated digital forensics role
Demonstrated expertise with forensic tools including, but not limited to, AccessData Forensic Toolkit (FTK), Magnet Axiom, EnCase, X-Ways, REMnux and SIFT
Proven ability to perform malware analysis, reverse engineering and examination of obfuscated code
Strong understanding of attacker tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework
Experience with log and data aggregation systems (SIEM platforms such as Microsoft Sentinel, Splunk or similar)
Proficient scripting ability with one or more languages including Python, PowerShell, JavaScript and Bash
Clear understanding of evidence preservation, chain of custody and legal requirements for digital evidence
Strong understanding of the NIST Cybersecurity Framework and associated controls
Administration experience with network and host configurations, endpoint detection and response (EDR), application security, encryption and cloud services
Advanced understanding of TCP, UDP, HTTP, IP and other network protocols
Strong verbal and written communication skills with the ability to explain complex technical topics to business leaders
Excellent judgment and the ability to make quick decisions when working with complex situations
Demonstrated ability to lead investigations and mentor junior team members
Self-starter who can work efficiently both independently and with teams
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism
Certifications:
One or more of the following required: GCFE, GCFA, GREM, GCIH, EnCE or CISSP
Education:
Master's degree in information assurance, Cybersecurity, Computer Science, Digital Forensics or a related technical field.
Experience:
10+ years of combined experience in cybersecurity, incident response, security operations and digital forensics
Holistic experience across Computer Network Defense, Cryptography, Identity Management, Information Assurance, Malware Analysis and Infrastructure Design
Experience leading forensic investigations in hybrid and multi-cloud environments (Azure, AWS, GCP)
Experience identifying, investigating and responding to complex attacks including advanced persistent threats (APTs)
Demonstrated experience developing forensic processes, playbooks and program maturity initiatives
Experience with vulnerability management platforms (Tenable, Rapid7, Qualys)
Ability to utilize and develop scripts that interact with APIs, automate forensic workflows and assist with alert response
Experience working with legal teams, external counsel and law enforcement on digital investigations
Prior experience mentoring or managing a team of forensic analysts
Other:
Holistic experience in Computer Network Defense, Cryptography, Identity Management, Information Assurance, Information Systems/Network Security, Malware Analysis, and Infrastructure Design
Extensive experience with core vulnerability management scanners (e.g. Tenable, Rapid7, Qualys etc.)
Understanding of alert triaging, vulnerability detection and response, and data integrity
Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
Advanced understanding of TCP, UDP, HTTP, IP, and other network protocols
Ability to utilize and write scripts that interact with APIs, automate tasks, and assist with alert response
Knowledge of data center network components
Critical thinking and efficient communicator (i.e written and verbal)
Experience identifying, investigating, and responding to complex attacks in hybrid-environments
Certifications:
Two or more of the following preferred: GCFE, GCFA, GREM, GCIH, EnCE, CISSP, CISM, CRISC, CISA, CFCE, CCE
Enter a description of the working environment and travel requirements (if any) below:
Remote
REQNUMBER: 146248
ABM is proud to be an Equal Opportunity Employer qualified applicants without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran or any other protected factor under federal, state, or local law. ABM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a disability and need assistance in completing the employment application, please call 888-328-8606. We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis.