The digital forensic/incident response analyst is a key member of an organization's cybersecurity team who identifies, investigates, and responds to security incidents. Their primary role is to ensure that incidents are handled efficiently and effectively, minimizing damage and allowing operations to resume as quickly as possible.
Requirements
- Demonstrate in-depth knowledge of threat actor tactics, techniques, and procedures (TTPs), log analysis, network traffic analysis, and analysis of system artifacts (file system, memory, running processes, network connections) for indicators of infection or compromise
- Provide forensic tool expertise, with proficiency in software such as Magnet Forensics, Joe Sandbox, IDA Pro, and/or Wireshark
- Support malware analysis to understand a sample's behavior and impact and to identify indicators of compromise (IOCs)
- Perform rapid response and triage of security incidents, data breaches, malware infections, and other system compromises as escalated by the Cyber Defense Operations Center (CDOC)
- Perform containment and eradication by assessing the situation, containing threats, and eradicating them from affected systems
- Adhere to strict procedures for evidence collection, ensuring the integrity of digital evidence throughout the investigation (Chain of Custody)
- Familiarity with security controls and tooling used by TransUnion in an IR capacity, such as:
  - Splunk and Elasticsearch
  - Splunk SOAR (for case management)
  - Endpoint: Microsoft Defender for Endpoint, CrowdStrike, Wazuh, and Tanium
  - Network: Netskope SWG and CASB, Palo Alto IPS, Cloudflare WAF, ExtraHop, and NetWitness
  - IAM: Azure AD
Responsibilities
- Document investigative findings in a manner aligned with TU processes and DFIR best practices
- Support Incident Reporting for management, legal, and regulatory purposes
- Organize, perform, and support Cybersecurity tabletop exercises
- Lead & assist with IR process workflow improvements
Other
- Facilitate communication and collaborate with internal teams, management, and external stakeholders to provide timely updates on incident progress
- Bilingual
- This is a fully remote position.