Cybersecurity Forensics Analyst - Expert

Job Description

The Cybersecurity Operations Analyst, Expert will use Huntington's forensics tools to complete investigations and respond to Information Security incidents as appropriate.  He/she will serve within the DFIR (Digital Forensics & Incident Response) team to perform forensic investigations and Computer Incident Response Team (CIRT) functions, working with other forensics analysts to ensure all incidents and investigations are promptly addressed. The role works closely with members of the Cybersecurity Operations Center (CSOC), Insider Threat team, Corporate Security, Human Resources, and Legal to conduct forensics analysis, process digital evidence in support of litigation, and respond to cybersecurity incidents. 

ESSENTIAL RESPONSIBILITIES:

• Serves as a leader for Forensics Investigations, managing the CIRT and forensic workload.  Serves as a liaison for Legal, Corporate Security, Human Resources, and/or other areas requiring forensics support.  Advises lawyers and investigators on the relevance of data to a case or investigation.  
• May testify in court, if required. 
• Investigates reports of suspicious activity, analyzing evidence to determine the “who, what, when, and how” aspects of the incident. 
• Maintains the chain of custody for evidence used in crimes and/or incidents, including computers, mobile devices, and/or digital storage media.
• Tracks and reports on metrics pertinent to the forensics workload.
• Reviews technical and procedural documentation for systems and solutions to ensure completeness and accuracy.
• Maintains and updates Runbooks and other support documents as appropriate
• Provides input to architecture and technology teams on tools, processes, and requirements for forensics investigations
• Maintains current knowledge of hardware, software and network technology and recommends modifications as required
• Comply with the organization's cybersecurity policies, procedures among colleagues, contractors, alliances, etc.
• Assist with automation efforts to streamline incident response procedures and capabilities.
• Works with vendors to understand product roadmaps and plan for upgrades
• Provide after hours on-call forensic support on a recurring basis

BASIC QUALIFICATIONS:

• 5 years in a Forensics and Incident Response roles
• 2 Years Experience documenting and maintaining procedures/runbooks
• Bachelor's degree in Information Systems, Computer Science or related field preferred

PREFERRED QUALIFICATIONS:

• Experience working with Enterprise Forensics tools
• Experience with OpenText Enterprise EnCase solution, Exterro Forensics Took Kit, or similar solutions in an enterprise-wide deployment a plus
• Experience with mobile forensics tools such as Cellebrite, Oxygen, or XRY.
• Experience with Python, PowerShell, or Kusto Query Language
• Strong organizational skills
• Excellent communication and customer service skills
• SIEM/SOAR, EDR/XDR experience a plus
• Ability to develop strong partnerships
• Ability to work flexible hours
• Strong troubleshooting and problem-solving skills
• Forensics and Cybersecurity Certifications (GCFA, GCFE, GASF, GCFR, CFCE) or equivalent

#Hybrid

#LI-SG1

#LI-BM1

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Workplace Type:

Our Approach to Office Workplace Type

Certain positions outside our branch network may be eligible for a flexible work arrangement. We’re combining the best of both worlds:  in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.

Huntington is an Equal Opportunity Employer.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Note to Agency Recruiters:  Huntington Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume.  All unsolicited resumes sent to any Huntington Bank colleagues, directly or indirectly, will be considered Huntington Bank property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.