Cyber Response Investigator
The New York County District Attorney’s Office has an immediate opening for a Cyber Response Investigator in the High Technology Analysis Unit (HTAU) of its Cybercrime and Identity Theft Bureau. The Cybercrime and Identity Theft Bureau (CITB) is committed to protecting the public by combating sophisticated cybercrime and identity theft schemes in Manhattan and worldwide. The Bureau prosecutes cases involving check and credit card fraud, cyber impersonation, child exploitation and pornography, cyber-stalking, cyber-bullying, computer hacking, as well as white-collar crimes involving money laundering and threats to financial institutions. In this position the Investigator is responsible for providing highly sophisticated analytical and investigatory support to the unit and the office at large.
Responsibilities include but are not limited to:
- Participate in the execution of search warrants to forensically acquire and preserve live digital evidence in a holistic manner.
- Liaise with investigators to plan and create tactical strategies for collecting live digital evidence.
- Perform wireless assessment surveys and prepare reports of findings.
- Develop custom tools designed for onsite preservation and collection of digital evidence.
- Identify live engagement techniques to enhance online investigations; with legal approval, engage in said activities.
- Investigate data theft, data exfiltration events, or network attacks using digital forensic techniques.
- Prepare written summary reports to document all field work conducted including but not limited to: digital evidence collection efforts, cyber engagements efforts, and victim or witness interviews.
- Report on daily engagements and research/development activities utilizing the unit’s internal tracking system.
- Testify about and affirm all field and laboratory activities conducted during any investigation.
- Evaluate new technology that will help identify digital evidence for unique cyber investigations while maintaining records of effective techniques that can be standardized for use in the computer forensics unit.
- Collect intelligence on potential targets using open source (OSINT) and law enforcement databases.
- Train and certify in relevant cyber response areas, exercising industry-standard techniques during an investigation and maintain certifications.
- Update and log all software/hardware purchased for the purpose of cyber response investigations.
- Routinely educate legal and support staff of cyber threats, in order to provide awareness and avoidance techniques.
- Conduct evidence storage/validation and computer forensic activities when it is required to do so.
- Perform related administrative and clerical tasks as assigned.
- Experience in digital evidence collection, forensic imaging, and/or digital evidence handling.
- Experience programing and scripting (i.e. Bash, Python, Java, C, etc.).
- Forensic experience with Windows, Linux, and Mac operating systems.
- Proficiency in Microsoft Office, and Internet required.
- Ability to work with frequent interruptions and adapt to changes in workflow.
- Ability to work independently and manage multiple short-term projects.
- Ability to follow directions and apply proper policies, procedures and guidelines.
- Strong attention to detail and high concern for data accuracy.
- Dependable team player who works collaboratively and cooperatively with staff in a team-oriented environment.
- Must be able to perform under pressure in a fast-paced environment; detail oriented and self-motivated and able to multi-task.
- Ability to interact with all levels of staff and law enforcement staff.
- Bachelor’s degree required; preferably in Information Security, Forensic Computing, or a Computer Science-related technical discipline.
- Certifications related to information security, penetration testing, or digital forensics will be strongly considered. Applicant should highlight any applicable certifications in their cover letter and resume accordingly (i.e. SANS, CompTIA, Ec-Council C.E.H., applicable tool specific vendor certifications, etc.).
- Experience testifying to analyses in a courtroom setting
- Demonstrative skills and experience with Linux and/or command line applications.
- Strong IT networking skills and/or network related certifications
- Experience in conducting live forensic acquisitions and analyses including memory analysis, pagefile.sys analysis, and RAM analysis.
- One (1) year commitment to hiring unit.