[linuxjobs] Incident Response Vacancy

Peter Cannon peter at cannon-linux.co.uk
Fri Nov 22 07:37:38 UTC 2013


On 21/11/2013 21:25, Benjamin Donnachie wrote:
> 
> Not strictly a Linux vacancy but I'm looking for an incident response 
> professional with Linux experience.  Job description below, salary up to 
> £60k.  Based out of our London office with travel required globally. 
> Please apply online using the link available from 
> http://www.accessdata.com/about/career-opportunities
> 
> For more information please use my work account - 
> bdonnachie at accessdata.com
> 
> No agencies please!
> 
> Benjamin Donnachie
> 
> 
> *About AccessData Incident Response Services*
> 
> AccessData is seeking qualified candidates to join our growing team as 
> Incident Response Forensics Analysts. Our incident responders have 
> backgrounds as government and Fortune 100 cyber security practitioners, 
> and our services are regularly enlisted by some of the largest 
> organizations in the world to deal with complex and sophisticated 
> compromises. Because AccessData is also a leading cyber security 
> software developer, our clients have the benefit of working with 
> services experts who have unmatched expertise in the technology and the 
> support of our development team behind them.
> 
> *Essential Duties and Responsibilities*
> 
> Conduct highly-confidential investigations for a global client list 
> (e.g., data loss, virus outbreak, advanced persistent threats)
> Conduct examination of digital media (hard drives, mobile phones, etc.)
> Capture / analyse network traffic for indications of compromise
> Review log-based data, both in raw form and utilising SIEM or 
> aggregation tools
> Employ best practices and forensically sound principles such as evidence 
> handling and chain of custody
> Establish timelines and patterns of activity based on multiple data sources
> Identify, document and prepare reports on relevant findings
> Utilize varied forensic software such as FTK, Encase, Helix, etc.
> Effectively communicate with clients to establish timelines, manage 
> expectations, and report findings
> 
> *Required Knowledge, Skills and Abilities*
> 
> Demonstrated computer forensic investigations experience
> Expert-level knowledge of common attack vectors and penetration techniques
> Solid working knowledge of networking technology and tools, firewalls, 
> proxies, IDS/IPS, encryption
> Demonstrated knowledge of forensic tools such as Encase, FTK, Helix, 
> Knoppix, Slax, Sleuthkit, SIFT
> Experience with malware analysis (reverse engineering)
> Excellent technical writing and presentation skills
> Ability to successfully interface with clients
> Event analysis and correlation
> Experience managing large and small scale incidents
> 
> *Additional Preferred Skills*
> 
> Strong understanding of networking protocols such as TCP/IP, IPSEC, RIP, 
> EIGRP, OSPF
> Experience in a fast-paced consulting organisation
> Experience with programming or scripting languages
> Familiar with SIEM tools such as ArcSight, NitroSecurity, enVision, etc.
> Demonstrated system administration skills
> 
> *Education / Experience*
> 
> Bachelor’s degree in computer science, digital forensics or related 
> technical discipline or demonstrated equivalent work experience.
> Minimum 5 years required in digital forensics and/or security, with 2 
> years desired in incident response
> Preference given to candidates with current relevant industry 
> certifications (ACE, EnCE, CFCE, CCE, DFCP, GCIA, GCIH, GREM, CSIH, etc.)
> **Note: Successful candidate will be required to obtain AccessData ACE 
> certification within 1 year

I think you forgot to add "20 years Police or security service history, 10 years Diplomatic or Governorship of a colony. Ideally a professor or former University Don with ties to GCHQ, MI5, MI6" Sheesh.

-- 
Regards
Peter Cannon

IRC: dick_turpin @ freenode.net
https://twitter.com/dick_turpin
http://www.cannon-linux.co.uk
https://plus.google.com/100694334141523232451/posts
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"


