Are you an experienced, passionate pioneer in technology? An industry solutions professional who wants to work in a collaborative environment? As an experienced Senior Information Security Analyst you will have the ability to share new ideas and collaborate on projects as a consultant without the extensive demands of travel. If so, consider an opportunity with Deloitte under our Project Delivery Talent Model. The Project Delivery Model (PDM) is a talent model tailored specifically for long-term, onsite client service delivery. PDM practitioners are local to project locations, which minimizes extensive travel and provides you with a full career path within the firm.
An ideal candidate for this position will have experience with system administration; Windows and Linux operating system (OS) mechanics and filesystem structures; disk and memory forensics; commonly abused tools and vectors for persistence, privilege escalation, and lateral movement; operating system log analysis; and triaging suspicious file artifacts for unusual behavior with respect to the environment in which they are found.
Work you’ll do/Responsibilities
- Responsible for the analysis of all corporate IT machines in the environment.
- This includes forensic analysis of Windows and Linux clients and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification and triage.
- Identify unusual files, scripts, configurations, and user activity based on bulk aggregation via an Endpoint Detection and Response (EDR) or triage tool, deployed at scale.
- Utilize collected records to identify potentially malicious filesystem objects for deeper analysis.
- Communicate with EL as well as NFA team and ICS analysts to dig deeper into what file system artifact discoveries may manifest in network traffic.
- Onsite schedule 1-2 days per week, with flexibility based on mission support.
The Team
Our Core Technology Operations (CTO) team offers differentiated operate services for our clients with solutions to help organizations scale and optimize critical business operations, drive speed to outcome, deliver business transformation, and build resilience in an uncertain future.
Our operate services within CTO include:
- Foundry Services: Operate services providing flexible, recurring resource capacity for client initiatives, projects, tasks, and enhancements
- Managed Services: Operate services that provide ongoing maintenance, monitoring, and optimization for IT/Engineering applications and products
Qualifications
Required
- Must have an active TS/SCI
- Bachelor's degree with ten (10) years of relevant experience
- Familiarity with what routine OS activities and common software/user behavior look like in the context of forensic artifacts or timelines
- Proficiency with host triage tools such as Redline, KAPE, etc.
- Knowledgeable in common categories and formats of host-based indicators of compromise (IOCs) and how and where they can be leveraged to identify known-bad files or activity on an endpoint.
- Experience with memory and hard drive acquisition
- Knowledgeable of hard drive forensic analysis tools such as EnCase, Autopsy, YARA, Plaso/Log2Timeline
- Experience with memory forensics
- Ability to perform log and registry analysis
- Experience utilizing EDR tools such as Endgame, FireEye Helix, Tanium, Carbon Black, SentinelOne, GRR
- Experience with big data analysis platforms such as Splunk, Elastic Stack
- Experience evaluating or analyzing Windows registry keys
- Strong experience with Windows and Linux file system artifacts
- Experience with Active Directory logs for user and account permissions
- Scripting experience with PowerShell, PHP, Python, Bash, JavaScript
- Experience reviewing binary files found in the environment for malicious indicators
- Must have an analyst skillset and be knowledgeable with technical documentation
Preferred
- Experience with file analysis tools such as CFF Explorer, IDA, Binary Ninja