DFIR Engineer

Apply Now

Company: Ellington Solutions

Location: Atlanta, GA 30349

Description:

Ellington Solutions is seeking out qualified candidates that will:

Practical experience in Digital Forensics & Incident Response (DFIR)
Carry out comprehensive forensic examinations on endpoints
Conduct proactive threat hunting
Work in conjunction with SOC Tier 2 analysts to offer technical insights
Evaluate and address cyber threats in real-time
Participate in investigations related to incident response
Utilize advanced security tools (e.g., CrowdStrike, Splunk)
Engage in team meetings, share knowledge, and contribute to process enhancements
Uphold high standards of communication and documentation

Requirements

The qualified candidates will have:

At least five years of experience in Cybersecurity or a similar discipline.
Proficient in one or more cloud platforms and familiar with cloud security practices.
Comprehension of computer networking principles and protocols, along with network security methods such as network traffic analysis and packet-level scrutiny using tools like Wireshark and tcpdump.
Acquainted with Windows and Unix ports and services.
Familiarity with current identity and access management strategies.
Hands-on experience with automation, machine learning, and/or artificial intelligence.
Knowledge of various types of digital forensics data, with the capability to identify and collect persistent data.
Understanding of different file system architectures (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]), and awareness of which system files (e.g., log, registry, and configuration files) contain relevant information and their respective locations.
Knowledge of protocols for the collection and preservation of digital evidence.
Proficiency in Digital Forensics & Incident Response (DFIR), as well as expertise in Threat Hunting and Incident Response at a Tier 3 level.
Strong communication, organizational, and collaborative skills.