Digital Forensics & Incident Response – Incident Analyst

Digital Forensics & Incident Response – Incident AnalystCore Business ServicesRequisition # ALP0027XPost Date 5 hours agoEY Technology:Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization.EY Technology supports our technology needs through three business units:Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY toidentify new technology-based opportunities faster and pursue those opportunities more rapidly.Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience.Information Security (Info Sec) - Info Sec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems.The opportunityThe Digital Forensics & Incident Response (DFIR) Incident Analyst will work as a senior member of the technical team responsible for security incident response for EY. The candidate will work as an escalation point for suspect or confirmed security incidents. Responsibilities include performingdigital forensic analysis, following security incident response best practices, malware analysis, identify indicators of compromise, support remediation or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process.Your key responsibilities

Investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified

Forensically analyze end user systems and servers found to have possible indicators of compromise

Analysis of artifacts collected during a security incident/forensic analysis

Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools

Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions

Provide consultation and assessment on perceived security threats

Maintain, manage, improve and update security incident process and protocol documentation

Regularly provide reporting and metrics on case work

Resolution of security incidents by identifying root cause and solutions

Analyze findings in investigative matters, and develop fact based reports

Be on-call to deliver global incident response

Skills and attributes for success

Resolution of security incidents by identifying root cause and solutions

Analyze findings in investigative matters, and develop fact-based reports

Demonstrated integrity and judgment within a professional environment

Ability to appropriately balance work/personal priorities

To qualify for the role, you must have

Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field

5+ years experience in incident response, computer forensics analysis and/or malware reverse engineering;

Understanding of security threats, vulnerabilities, and incident response;

Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis;

Be familiar with legalities surrounding electronic discovery and analysis;

Experience with SIEM technologies (i.e. Splunk);

Deep understanding of both Windows and Unix/Linux based operating systems;

Ideally, you’ll also

Background in security incident response in Cloud-based environments, such as Azure

Programming skills in Powershell, Python and/or C/C Understanding of the best security practices for network architecture and server configuration

What we look for

Demonstrated integrity in a professional environment

Ability to work independently

Have a global mind-set for working with different cultures and backgrounds

Knowledgeable in business industry standard security incident response process, procedures, and life-cycle

Excellent teaming skills

Excellent social, communication, and writing skills

What working at EY offersWe offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

Support, coaching and feedback from some of the most engaging colleagues around

Opportunities to develop new skills and progress your career

The freedom and flexibility to handle your role in a way that’s right for you

EY is committed to be an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.About EYAs a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better.Whenever you join, however long you stay, theexceptionalEY experience lasts a lifetime.And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.Make your mark.Apply now.EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.