The Information Security Investigator
Ref No.: 17-00715
Location: RTP, North Carolina
Position Type:Full Time/Contract
Start Date: 08/31/2017

Position: The Information Security Investigator
Location: RTP, NC
Type: Long Term

Must be open to any shift – Shift differential pay for 3rd shift

Job Description:
The Information Security Investigator has a deep technical understanding of the Managed Security Services (Client) technologies: intrusion analysis, anomalous behavior analysis, and threat intelligence.
This role is entrusted with intimately advising clients of threats and breaches, and must have the ability to lead and direct security analysts and fellow investigators.
The investigator is required to maintain an intimate understanding of the customer environment and reflect such knowledge in
The investigator will remain up-to-date on active security threats and events across all sectors with specific focus on customer sectors, specifically financial, retail, medical, and energy.
The investigator will work in an assigned shift, and is required to be present physically and via secure messaging such as IRC and Cisco Jabber; constant interaction with the SOC staff is required.

Duties:
Conduct in-depth investigations into security breaches at customer sites using all available tools within the customer environment, Clients, and online
Resolve cases escalated from security analysts (either as an escalated ticket to the customer or by resolving as a false positive)
Resolve cases dispatched from customers (CAT6); maintain daily dialog with the customer on the case until resolved
Review device logs, packet captures, and all forms of telemetry; interpret data
Conduct online forensic investigations of devices (routers, switches, UNIX and Windows hosts)
Interview personnel to obtain information related to the investigation
Maintain up-to-date information in the secure case management system
Identify and implement incident mitigation, including null routing, ACL changes, DNS poisoning, account disabling, application offlining, etc.
Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
Vigilantly protect customer data, ensuring proper handling and protection electronically, physically, and verbally
Ensure the assigned shift is covered personally or attended by an alternate investigator
Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media
Mentor analysts in investigative skills and customer communications
Maintain quality assurance for all MTD processes
Conduct threat research to determine how clients are affected by threats

Minimum Qualifications:
The successful candidate will have operational knowledge of the Client's infrastructure and core security technologies, with demonstrated experience in system or network administration.

The candidate must demonstrate strong adherence to quality processes in their work history, have experience working in a global support environment and in high-pressure work environments, be willing to work off-hours, and accommodate rotational work and case handling.

Required skills include:
Detailed understanding of the TCP/IP protocol suite 
System administrator-level expertise in multi-user operating systems including Unix variants and Microsoft Windows 
Demonstrated expertise in modern security attacks and threats, including the attack chain 
Demonstrated expertise in malware analysis, categorization, and attribution (malware reversal and disassembly skills a plus) 
Strong understanding and experience with security incidents involving alternate OSs including Android and iOS 
Experience scripting in one or more of the following languages: shell, perl, python, or PHP 
A detailed understanding of the common technologies found in enterprise IT environments including datacenter and Internet edge technologies 
Experience troubleshooting network security for enterprise customers 
Experience with virtualization technologies including VMware, OpenStack, and various hypervisors
Ability to do basic configuration and troubleshooting of Cisco networking technologies: ASA, IPS, WSA, Client, VPN
Detailed knowledge of Cisco IOS
Experience troubleshooting and investigating device and networking issues
Ability to analyze, use, and configure small to medium networks
Proven crisis management skills

Desired Skills:
BA/BS degree with 8-10 years of IT and/or security experience
Sourcefire Certified Expert (SFCE)
Familiarity with the latest malicious code trends, including experience with exploits and malware
Demonstrated customer service, communication, and troubleshooting skills
Industry certifications such as CISSP, SANS GCIH
Cisco network certifications, such as CCNA, CCDA, or CCSP
Experience with operations processes, such as ITIL, CMM, or Six Sigma
Experience with Snort or other intrusion detection tools
Experience with anomaly detection and full-packet capture
Experience with Elasticsearch, NetFlow, SiLK, Solera, and OpenSOC components

Additional Skills:
Mentoring 
Excellent written communications 
Strong teamwork 

Thanks & Regards,
Rajat
XL Impex Inc
dba Atika Technologies
5 Independence Way, Suite 300
Princeton, NJ 08540
Desk: (732) 907-9001 x422
rajat@atikaservices.com
http://www.atikatech.com