Essential Job Functions:
· Assist the Director of Forensics in assessing and updating processes, procedures and tools to conform to accreditation standards in support of litigations and evolving Digital Forensics requirements and standards.
· Conduct computer forensics collection, preservation and analysis of electronic information media, as required, for litigation, investigation and eDiscovery support. Must include Windows, Mac OSx, iOS and Android platforms.
· Coordinate with Forensics, eDiscovery, and technical staff to maintain knowledge of operations, standards and current installation methods, systems implementations, and planned upgrades.
· Perform analysis of electronic systems, media, and logs, respond to incidents as appropriate, using forensic analysis tools.
· Provide support for planning and implementation of new information security systems, practices, and procedures, in line with internal security guidelines.
· Assist in developing content and tools, and in conducting security and forensic process and procedures training program for other team members, departments, etc.
· Monitor security and forensics related notifications, standards, and mailing lists, for developments, evidentiary issues and vulnerability alerts; conduct periodic security access and vulnerability evaluation tests, as directed.
· Assist the Director of Forensics in writing declarations. Affidavits and/or reports for use in investigations and court proceedings.
Knowledge Skills Abilities:
· In-depth knowledge of computer forensics processes, procedures, and tools, to include current best practices and legal documentation standards.
· In-depth knowledge of the generally accepted computer forensics software tools, their characteristics strengths and capabilities for applicable case requirements.
· Experience with a variety of Investigative and Forensic analysis tools.
· Experience with Windows systems security.
· Ability to communicate complex technical information to people in non-technical terms, excellent written and oral skills.
· Basic knowledge of NT and Windows based systems administration, authentication systems, and cryptography concepts.
· Travel required (Estimated: 15 percent based on investigation, litigation and awareness project requirements).
· Skilled in the use of Microsoft Office productivity tools (Word, Excel, Visio, and Project) to produce documentation that may be used in an investigation or court of law.
· Ability to communicate effectively both verbally and in writing to any level of the organization in a clear and concise manner.
· Ability to establish and maintain effective working relationships at all levels of the organization and work in a matrixed environment.
· Experience and Certification in other related security areas (physical, control systems, business continuity, network security, etc.) is a plus.
· Experience with preparing affidavits, formal statements, giving depositions, presentations and/or testimony in court is a plus.
· Experience and Certification in Windows, AIX, Linux, or other System and Network technologies is a plus.
· Programming skills in languages such as C, C++, Java, Python, Perl, etc. are preferred.
One or more of the following certifications are required:
Certified Computer Examiner (CCE)
EnCase Certified Examiner (EnCE)
GIAC Certified Forensic Examiner (GCFE)
In addition to one of the certifications above, one or more of the following certifications are preferred:
Certified Forensic Computer Examiner (CFCE)
Magnet Certified Forensics Examiner (MCFE)
GIAC Certified Forensic Analyst (GCFA)
Cellebrite Certified Operator (CCO)
Cellebrite Certified Physical Analyst (CCPA), or similar digital forensics certifications.