Incident Response Forensic Analyst

Remote - Minnesota

Arctic Wolf

Arctic Wolf delivers dynamic 24x7 cybersecurity protection tailored to the specific needs of your organization. Ready to boost your security posture?


Position Overview and Objective

The Incident Response Forensic Analyst is a junior member of the Digital Forensics and Incident Response (“DFIR”) team that can handle most aspects of the forensic investigation independently but may need assistance from more senior members of the team. The Forensic Analyst is expected to assist with the investigation of network intrusion incidents and fulfill all technical tasks associated with Business Email Compromise (“BEC”) incidents.

Primary Responsibilities and Duties

Technical Competencies

  • Assist with/conduct forensic investigations for organizations that have suffered an attack from targeted threats, such as Advanced Persistent Threats, Organized Crime, and politically motivated groups, or from commodity threats such as ransomware groups.
  • Perform host forensic analysis primarily on Windows-based systems; assist with the investigation of Linux and Mac OS-based systems.
  • Perform network analysis using a variety of tools and log sources, including firewall logs, NetFlow, and logs generated by a variety of network intrusion detection/prevention tools.
  • Conduct all aspects of a Business Email Compromise (“BEC”) investigation to include scoping, data collection and analysis, and reporting.
  • Assist with the forensic acquisition and analysis from Azure, Amazon Web Services (“AWS”), and Google Cloud Platform (“GCP”) environments.
  • Leverage applicable tooling to contain and eradicate a threat actor’s presence from a client’s network when responding to live intrusion events.

Communication and Client Management

  • Communicate both executive and detailed level findings in verbal and written form, with the assistance of senior team members if necessary.
  • Communicate IOCs with colleagues and applicable internal teams to help develop the Arctic Wolf platform.
  • Collaborate with senior members of the team to make recommendations to the client.

General

  • Participate in weekday escalation and weekend/holiday on call schedules.
  • Conduct audits and peer review of incident reports.
  • Foster information sharing and collaboration.

About Arctic Wolf  

At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022).  

Our Values  

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk—we get to work in an industry that is fundamental to the greater good.

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.   

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.  

All wolves receive compelling compensation and benefits packages, including: 

  • Equity for all employees
  • Bonus or commission pay based on role
  • Flexible time off, paid volunteer days and paid parental leave
  • 401k match
  • Medical, Dental, and Vision insurance
  • Health Savings and Flexible Spending Agreement
  • Voluntary Legal Insurance
  • Training and career development programs

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.  

Security Requirements  

  • Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies). 
  • Background checks are required for this position.  
  • This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”).  Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.

Come join the Pack during this exciting time of rapid growth where every employee makes a difference and their contributions are recognized and rewarded. 


Tags: Audits AWS Azure Cloud DFIR Firewalls Forensics GCP Incident response Linux Windows

Perks/benefits: 401(k) matching Career development Equity / stock options Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events

Regions: Remote/Anywhere North America
Country: United States
