Enterprise Information Security Professional
Closes: 02/24/2020
The Ohio Department of Administrative Services, Office of Information Technology, is seeking an Enterprise Information Security Professional 2 to join the information security team and perform the following duties:
Under general supervision in the Office of Information Security and Privacy, collects and forensically analyzes intrusion artifacts and uses the discovered data to enable mitigation of potential incidents within the enterprise:
- Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion
- Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis
- Decrypt seized data using technical means
- Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
- Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
- Examine recovered data for information of relevance to the issue at hand
- Perform file signature analysis
- Perform static and live forensic analysis
- Perform timeline analysis as well as static malware and media analysis
- Perform virus scanning on digital media
- Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures)
- Provide technical assistance on digital evidence matters to appropriate personnel
- Serve as technical expert and liaison to law enforcement personnel and explain incident details, provide testimony, etc.
- Use an array of specialized computer investigative techniques and programs to resolve the investigation
- Use network monitoring tools to capture and analyze network traffic associated with malicious activity
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Identify the specific vulnerability and make recommendations that enable expeditious remediation
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
- Write and publish guidance and reports on incident findings to appropriate constituencies
- Perform real-time Incident Handling tasks to support deployable Incident Response Teams (IRTs)
Perform other related duties as needed:
- Work as a team lead and assist other staff when needed
- Assist and train lower level data security personnel in incident response and incident analysis processes
*This position requires the employee to be able to obtain a SECRET level U.S. Government security clearance.
Qualifications
Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
- Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981.
- Or equivalent of Minimum Class Qualifications For Employment noted above.
Knowledge
- Database procedures used for documenting and querying reported incidents
- Forensic lab design configuration and support applications
- Anti-forensic tactics, techniques and procedures
- Reverse engineering concepts
- Incident response and handling methodologies
- Applicable laws
- Basic concepts and practices of processing digital forensic data
- Basic physical computer components and architectures, including the functions of various components and peripherals
- Deployable forensics
- Hacking methodologies in Windows or Unix/Linux environment
- How different file types can be used for anomalous behavior
- Investigative implications of hardware, Operating Systems, and network technologies
- Legal rules of evidence and court procedure
- Malware analysis concepts, methodologies and tools
- Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
- Seizing and preserving digital evidence (e.g., chain of custody)
- Different classes of attacks and general attack stages
- Network traffic analysis methods
- Security event correlation tools
Skills
- Performing root cause analysis for incidents
- Using incident handling methodologies
- Handling malware
- Performing damage assessments
- Preserving evidence integrity according to standard operating procedures or national standards
- Analyzing anomalous code as malicious or benign
- Analyzing memory dumps to extract information
- Analyzing volatile data
- Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
- Identifying and extracting data of forensic interest in diverse media
- Physically disassembling PCs
- Setting up a forensic workstation
- Using binary analysis tools
- Using forensic tool suites
- Using virtual machines
- Identifying obfuscation techniques
Abilities
- Decrypt digital data collections
- Interpret and incorporate data from multiple tool sources
- Examine digital media on multiple operating platforms
- Draft and compile concise technical reports