Digital Forensics Analyst SA
Johannesburg, South Africa
Anglo American
Company Description
We’re re-imagining mining to improve people’s lives. That includes the lives of everyone who works for Anglo American. We strive to be a great company where employees are happy, inspired to do their best work. A place where every colleague can grow, develop and realise their potential. To live up to our Always with Purpose employee value proposition, we’re putting the development and growth of colleagues first by ensuring everyone at Anglo American has the career experience they deserve.
Job Description
- As a Digital Forensics Analyst, you will support Cyber Investigations with corporate investigations and the Security Operations Centre with incident response.
- Utilise forensic tools and techniques to recover and preserve data from digital devices and cloud sources.
- Stay abreast of digital forensics best practices and evolving cyber threats to enhance investigation and incident response capabilities.
- Assist in the development and improvement of digital forensics procedures and protocols.
- Maintain the chain of custody and ensure the integrity of digital evidence throughout the investigation process.
- Utilise e-discovery software to support investigations and breaches.
- Utilise security log collection and analysis to support investigations and breaches.
- Conduct digital investigations, collecting and analysing electronic evidence for corporate investigations and cyber security purposes.
- Collaborate with law enforcement, legal teams, and internal stakeholders to support digital investigations.
- Prepare detailed forensic reports and legal format/expert testimony for use in legal proceedings.
- Understand the Incident Response process and how forensics supports it.
- Perform forensic analysis of malware and other cyber infections to establish behaviours, processes and steps of an attack and communicate these to threat hunting and intelligence teams.
Qualifications
- Bachelor's / Honours degree or equivalent in computer science, business informatics, engineering/technology or equivalent.
- Master's / Doctoral degree or equivalent in computer science, business informatics, engineering/technology or equivalent would be advantageous.
- Professional certifications and experience in Information Security from industry standard security frameworks, e.g. ISACA, BCS, CIPP, ITIL, CREST, ISC2, CompTIA and key security vendors including Microsoft, CrowdStrike, Qualys, IBM.
Technical Knowledge:
Must have:
- Advanced knowledge of computer systems, data recovery, network protocols, file formats, encryption, and chain of custody procedures.
- Advanced knowledge of forensic software and hardware: Axiom, FTK, Cellebrite, remote collection processes.
- Advanced knowledge of e-discovery software and processes: Epic, Nuix, Microsoft Purview.
- Understanding of threat actors, attack vectors, and emerging cyber threats.
- Knowledge of cloud security principles and best practices.
- Awareness of relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, NIST).
- Understanding of mobile device security, including mobile operating systems and app security.
- Understanding of encryption algorithms, key management, and secure communication protocols.
- Experience with securing cloud environments and analysing their logs on platforms like AWS, Azure, or Google Cloud.
- Ability to analyze network traffic and user account activity to identify anomalies.
- Understanding of data breaches and the process of collection, investigation and reporting in the region.
- Ability to implement encryption solutions to protect data at rest and in transit.
Desired:
- Understanding of network protocols, architectures, and components.
- Ability to configure and manage network security devices.
- Familiarity with firewalls, intrusion detection/prevention systems (IDS/IPS), and network monitoring tools.
- Proficiency in securing various operating systems, including Windows, Linux, and macOS.
- Knowledge of system hardening techniques, patch management, and access controls.
- Ability to monitor and analyze threat intelligence sources to identify potential risks.
- Understanding of security assessments and penetration testing.
- Experience in configuring data loss prevention (DLP) policies and monitoring data flows.
- Understanding of DLP solutions to prevent unauthorized data leakage.
- Understanding of secure coding principles to develop and maintain secure applications.
- Understanding of TCP/IP protocols, subnetting, routing, and network architecture.
Additional Information
Who we are
We aim to lead the industry by pursuing ever safer and more responsible ways of working, demonstrating integrity and showing care and respect for people and the planet. That means we are constantly seeking new opportunities to mine and process our products sustainably, using less water, less energy and more precise extraction technologies. As the custodians of coal and other precious natural resources – diamonds (through De Beers), copper, platinum and other precious metals, iron ore and nickel – our extraordinary teams work safely and collaboratively, with the utmost consideration for local communities, our customers and the world at large.
How we are committed to your safety
Nothing is more important to us than ensuring you return home safely after a day’s work. To make that happen, we have the most rigorous safety standards in the industry. Not only that, we’re also continually investing in new technologies – from drones to data analytics – that are helping to make mining safer.
Inclusion and Diversity
Anglo American is an equal opportunities employer. We are committed to promoting an inclusive and diverse workplace where we value and respect every colleague for who they are and provide equality of opportunity so that everyone can fulfil their potential.
How to apply
To apply for this role, please complete our online application form. You will have the opportunity to upload your CV and other relevant documentation as part of the process.
Advert closing date: 30 January 2025