DFIR Specialist

6 days ago


Riyadh, Saudi Arabia Halian Full time

Our Client

Our client is a leading multi-national IT Consulting company.

Your Responsibilities
- Examination and analysis of logs/data from a broad variety of security technologies, such as IDS/IPS, Firewalls, Switches, VPNs and other security threat data sources
- Articulate and Execute common Incident Response methods (e.g. SANS)
- Correlate and analyse events using the SIEM tools to detect IT security incidents
- Create, Follow and Present detailed process and procedures to appropriately analyse, escalate, and assist in containment, recovery and remediation of critical information security incidents
- Analysis of log files, including forensic analysis of system resource access
- Respond to inbound requests via phone and other electronic means for technical assistance with managed services
- Work on-site as required with Clients during Live Security Incidents
- Document actions in reports or cases to effectively communicate information internally and to Customers
- Resolve problems independently and understand the escalation procedure
- Maintain a high degree of awareness of current threat landscape
- Champion excellence, and support others in the delivery of excellence, through active knowledge sharing with team members, writing technical articles for Internal Knowledge Bases, Blog Posts and Reports as required or requested
- Create and Present customer reports to ensure quality, accuracy and value to the Client
- Education and Training of other Analysts in execution of Incident Response processes and forensic analysis techniques
- Perform other essential duties as assigned

Your Qualifications
- A Degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree
- Broad knowledge of the types of events that Firewalls, IDS/IPS and other security-related devices produce
- Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using Custom tools and scripts
- TCP/IP knowledge, networking and security product experience
- Knowledge of attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
- CCNA, CISSP, GCA, GCIA, GCIH, CEH certification would be preferable

Halian Group

With over 20 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers.

Our resourcing and smart services help you to realize tomorrow’s potential. Discover the amazing things possible when you bring the right people and the right technologies together.


