Digital Forensics Examiner
As a Digital Forensics Examiner for Minnesota IT Services (MNIT), you will assume advanced technical role within MNIT Forensics to provide the State of Minnesota with digital forensics, electronic discovery, and incident response services based on established Enterprise policies, programs, laws, and regulations.
This position conducts digital forensics investigations for enterprise security based incidents and internal investigations. The position may assist other government entities with investigations as well as consult with them on security and digital forensics matters as well as perform electronic discovery and assist human resources and legal teams in this area. This position uses tools and investigative techniques to acquire, analyze, document and report on the digital forensic artifacts, system-level details, metadata, and other investigative material associated with security incidents, internal investigations, electronic discovery, and other investigative requests.
You will be part of an expanding forensics team that engages in a wide-variety of interesting and very important work. You will play a key role within the forensics lab and assist with improving services, automation, implementing new technologies, developing documentation, and building key relationships with our customers.
Responsibilities to include:
- Perform comprehensive digital forensics examinations in support of agency investigations and litigations while following industry-established best practices and MNIT Forensics established protocols.
- Manage digital forensics examinations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and testimony)
- Determine the root cause of security incidents and make recommendations on security controls to prevent and/or mitigate against future incidents.
- Perform digital forensics examinations to include collection in a live client-server environment utilizing validated remote forensic software.
- Perform electronic discovery, assist human resource personnel and legal teams on electronic
- Preserve evidence and maintain chain of custody documentation
- Perform computer forensics security compliance auditing, planning and problem resolution and create security incident reports and advisories for MNIT business partners, management and other appropriate staff
- Serves as a technical resource for security projects on any enterprise project; may review work of other information security staff
- Research and stay abreast of potential security information security threats and works as a part of a team to proactively mitigate their impact
- Maintain and improve digital forensics skill sets, maintain any required certifications, mentor and train other MNIT Forensics staff as needed
- Maintain the MNIT Forensics lab, assist with documentation, software upgrades/updates, and forensic processes and procedures
Candidates must clearly demonstrate all of the following qualifications in their resume:
This position requires a minimum of four (4) years of experience in an information security or digital forensics role that includes:
- Experience performing live system forensics, dead-box forensics, mobile forensics, and/or network forensics.
- Working knowledge and experience with computer hardware and the ability to disassemble/assemble a wide variety of hardware types to include desktops, laptops, tablets, smartphones, printers, etc.
- Knowledge and/or experience with general IT concepts and technologies such as databases, networking, scripting, system administration, application/system design, backup technologies, Outlook/Exchange email, cloud services, and Internet-of-Things (IoT) devices.
- Experience with multiple operating systems (ex: Windows, Linux, Mac)
- Experience with multiple file systems (ex: NTFS, EXT3/4, HFS, Android)
*A Master’s degree in Information Technology or a related field substitutes for three years of experience, related Bachelor’s degree substitutes for two years, or related Associate’s substitutes for one year.
**Successful candidate must pass past-employer reference checks and a criminal history verification**It is the policy of Minnesota IT Services that all employees submit to a background investigation prior to employment. The background check may consist of the following components: SEMA4 Records Check (applies to current and past state employees only)Criminal History CheckEmployment Reference CheckSocial Security and Address VerificationEducation VerificationCJIS Fingerprinting Background Check
Minnesota IT Services will not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
- Five (5) years of experience in an information security or digital forensics role
- Certifications: CISSP, CCE, GSFI, CFCE, ENCE and ACE or other relevant information security or forensics certification
- Experience with mobile forensics
- Experience with malware investigations and reverse engineering malware
- Experience with scripting and automation tools and techniques
- Ability to compose clear, concise, and complete technical documentation and digital forensics investigative reports
- Ability to lead and act as part of a team, react quickly and effectively to daily threats from external and internal sources on a 24/7 basis
- High attention to detail
- High ethical standard
- Excellent communication skills