Engineer III, Digital Forensics & Incident Response

Engineer III, Digital Forensics & Incident Response

Pen Fed Credit Union is hiring a hybrid Engineer III, Digital Forensics & Incident Response at locations:
Tysons, VA;
San Antonio, TX;
Irving, TX; or Omaha, NE. The role leads the DFIR and Forensics team, managing security incidents, investigating risks, and responding to all security incidents detected across the enterprise.

• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
• Lead, investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified.
• Supervise the DFIR Incident Handler/Analyst Team.
• Perform forensic analysis on end‑user systems and servers with possible indicators of compromise.
• Provide engineering and administrative functions for all tools supporting the DFIR mission.
• Train and assist other analysts/engineers and provide guidance on best practices in forensics and incident response.
• Complete complex analysis of artifacts collected during a security incident/forensic analysis.
• Identify security incidents through hunting operations within a SIEM and other relevant tools and partner technologies.
• Coordinate with server owners, system custodians, and IT contacts to pursue incident response activities, including obtaining access, digital artifact collection, containment and remediation actions.
• Provide expert consultation and forensic analysis on security incidents.
• Acquire, preserve, and analyze digital evidence following chain of custody and industry best practices.
• Identify root causes, attack paths, and indicators of compromise.
• Maintain, manage, improve and update the system forensics process and protocol documentation.
• Regularly provide reporting and metrics on case work.
• Provide SME-level resolution of security incidents by identifying root causes and solutions through forensic analysis.
• Analyze findings in investigative matters and develop fact-based reports.
• Develop and maintain incident response playbook, runbooks, and communication protocols.

• Bachelor’s degree in information security, technology, or a related field, or an equivalent combination of education and experience.
• Minimum of eight (8) years of work experience in the cyber security field.
• Minimum of three (3) years of prior forensics/incident response team lead experience.
• Minimum of two (2) years of prior security analysis experience.
• Knowledge of security response operations, threat identification and forensic analysis software, equipment, and processes.
• Knowledge of EDR/XDR platforms and SIEM technologies.
• Proficient technical level of digital forensic and security incident response required.
• Capable of identifying vectors of threats and security incidents, remediating or coordinating remediation, and documenting the incident response process.
• Demonstrate integrity and judgment within a professional environment.
• Ability to balance work and personal priorities appropriately.
• Experience configuring and managing security systems.
• Experience configuring and managing UTM devices.
• Experience using threat intelligence platforms for continuous monitoring.
• Experience using vulnerability management/scanning tools and delivering valuable output to senior management.
• Strong host-based security experience, leveraging host-based security systems for investigations and resolution.
• Solid file system and malware behavioral knowledge; experience building a forensic capability; expertise with forensics tools.
• Knowledge of the cyber threat landscape and APT groups.
• Familiarity with the MITRE ATT&CK framework and ability to identify incident types and attack lifecycle.
• Knowledge of change management process and experience proposing and presenting changes to enterprise infrastructure.

This position will not supervise employees.

Must have at least two (2) certifications in information security from a reputable organization. Desirable certifications include GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP, or equivalent.

The employee works in an indoor office setting with moderate noise and is required to lift…