Digital Forensics Analyst
Be part of something exciting and rewarding and join our Security Operations (SecOps) Team in the Digital Forensics and Incident Response Team. Your role will focus on forensics; however, there is room to grow into incident response if you desire, and this will encompass the full spectrum of technical work including cyber research, forensics analysis, red team operations, malware reverse engineering and innovations.
SecOps is CGI’s UK multi-disciplinary team of highly skilled cyber security experts with the primary objective to manage advanced cyber security threats to our clients. This role is ideal for a strong technical candidate who can work flexibly. The role can be based out of our Reading or Bridgend offices and will involve some percentage of remote work. This is a UK position and will include occasional international travel, but in general the amount of travel will be limited. The successful candidate must hold a minimum of SC and be clearable to DV.
Your future duties and responsibilities
• Forensics – The person will be responsible for collecting endpoint or network evidence with forensically sound procedures, documenting evidence handling with chain-of-custody procedures, and analysing the evidence to determine the attack vector, establish a timeline of activity, and identify the extent of the compromise. The individual should be able to work effectively with minimal support from management and other regional forensic analysts.
• Innovation – The person will work with the other members of the SecOps team to examine, develop and review IR methodologies, tools, systems or processes that may be used within CGI.
• Incident Response – Whilst this is a forensics-based role, there is room to grow into incident response and work with our current incident response team to handle in-depth investigations of networks and hosts, determine attack vectors, establish a timeline of activity and identify the extent of the compromise.
Required qualifications to be successful in this role
• Digital Forensics
• Host analysis experience with Forensics/EDR tools (EnCase, FireEye, Carbon Black, RSA ECAT, CrowdStrike, Endgame)
• Minimum 3 years of working experience in digital forensics, deep forensics knowledge of various operating systems (e.g. Mac OS, Windows, etc.) and some experience in public cloud.
• Cyber Threat Hunting
• Static and/or Dynamic Malware analysis
• Reverse engineering
• Cyber research and Threat intelligence
• Cyber analysis with big data
• Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
• Strong understanding of Windows/Linux/Unix operating systems.
• A good understanding of Incident Response methodologies and tools
• Strong understanding of operating system and software vulnerabilities and exploitation techniques.
• SIEM experience (e.g. ArcSight, Splunk, LogPoint)
• Network analysis experience with network sensors (FireEye, Cisco, Fortinet, Trend Micro)
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilising threat intelligence sources
• Penetration testing experience
• Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines.
• Programming languages: C/C++, Python, Ruby, Assembly, Bash, PowerShell
• User investigations, Behavioural Analysis technology and/or processes
• Incident Response Certifications (Various)
• Degree in IT Security, Engineering or Technology related fields a major plus, or equivalent industry experience.
• Knowledge of malware packing, obfuscation, persistence, exfiltration techniques.
• Experience with tools: IDA Pro, radare2, OllyDbg, WinDBG.
• Experience using other big data analysis platforms and the development of advanced queries used to interrogate big data sources.
• Experience with Machine Learning & Artificial Intelligence
• Any formal certification in Digital Forensics Investigations (EnCE, CHFI, CFCE, ACE, GCFA, GCFE, SANS)
Insights you can act on
While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees “members” because they are CGI shareholders and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.
Public Cloud Security
Remote working/work at home options are available for this role.