Job Description: Forensic Investigator/Malware
This position serves as the primary contact for investigations related to malware, such as bots, worms, and trojans, and for understanding the nature of the threat they pose. The position works with internal anti-virus teams and technical teams to validate and remediate the threat. Additional duties include computer content scans, minimal data recovery, and minimal electronic discovery. The role plans, coordinates and implements computer information security measures to safeguard information in computer files against accidental or unauthorized modification, destruction or disclosure, and maintains all aspects of chain of custody and the forensic inventory.
The successful candidate will work with various technical teams, human resources representatives, and management personnel, as well as with attorneys and corporate clients.
Works under the guidance of the Director of Forensic Investigations and/or the Manager of Malware. Responsibilities include, but are not limited to:
1. Reverse engineers malware.
2. Manages all aspects of malware investigations to completion.
3. Assists in the coordination of changes, modifications and updates to the various anti-virus solutions.
4. Stays abreast of the threat landscape and notifies specific groups of any warnings or potential dangers.
5. Monitors operations to ensure compliance with all regulatory requirements.
6. Coordinates implementation of vendor-issued security software updates.
7. Stays abreast of evolving information systems and data forensics tools.
8. Protects the company from potential litigation by producing accurate results from digital evidence.
9. Analyzes data and investigative information.
10. Communicates with co-workers and management regarding case development in a confidential manner.
11. Provides findings reports and recommendations based on investigative findings.
12. Prepares reports and documents case details, developments and outcomes.
13. Networks with members of local trade associations and other groups of interest.
14. Performs other duties as requested by management.
The ideal candidate will have knowledge and experience with the following operating systems: Windows, Macintosh, Linux, and UNIX. Other requirements include:
1. Thorough understanding of malware, including trends, workflow and analysis.
2. Current understanding of all policies and procedures surrounding malware.
3. Thorough understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems such as Exchange; and Microsoft Office applications.
4. Understanding of firewalls and proxies; virus prevention and remediation; fundamental knowledge of access control, encryption and security event log analysis.
5. Proficiency in conducting live analysis on networks and across multiple platforms is desired.
6. Effective communication and presentation skills, both written and verbal.
7. Ability to:
• Recognize the various families of malware and their functions;
• Investigate workstations or servers to validate infections;
• Recommend tools to better prevent and mitigate malware infections;
• Keep abreast of any new trends in malware and report on them;
• Take the lead on any infection(s) and see the process through to completion;
• Communicate articulately in writing and orally;
• Work effectively in teams or independently;
• Carry out detailed instructions and be detail oriented;
• Handle confidential and sensitive information with the utmost discretion;
• Address findings from federal cyber security audits, including FISMA, OMB and OIG.
Critical thinking, problem solving and the ability to endure long working hours are vital. The ability to work extremely well under pressure while maintaining a professional image and approach with clients is critical.
EDUCATION and EXPERIENCE
The successful candidate will have a combination of education and experience related to the essential duties and responsibilities of the position.
• 1 or more years of malware analysis, including behavioral analysis and static analysis.
• Bachelor’s degree in Information Technology or a related field, or the equivalent work experience.
• Strong knowledge of and experience with developing and implementing incident handling procedures and pursuing incidents.
• Experience with various AV solutions, IIS, UNIX, Solaris and Linux variants; cryptography and PKI.
• Ability to travel when required.
• Experience conducting security assessments, penetration testing, and ethical hacking is desirable.
• Incident response experience and other types of investigative work are a plus.
CERTIFICATES, LICENSES, REGISTRATION
Possession of professional certifications and membership in professional associations is highly desirable.
• Certificates of accomplishment (GREM, Security+, MCSE, CCNA, etc.)
WORK ENVIRONMENT
• Work is performed in a general office setting and may include lifting up to 20 pounds.
• A significant portion of time is spent in a sedentary position, working on a computer.
• Some travel may be required.
• Walking between office buildings and office space/lab on a regular basis.
• General office environment noise levels.
Fiserv, Inc. is an Equal Employment Opportunity/Affirmative Action Employer and maintains a Drug-Free Workplace.