Job Description
General
The candidate should have:
minimum 4 years of professional experience in Digital Forensics and Incident Response
language skills to communicate in English
background in IT Security
relevant certifications for DFIR and security
knowledge about operating systems (Windows, Linux), memory forensics, networking and core TCP/IP protocols
a basic understanding of core processes in DFIR like the “Cyber Kill Chain” and others
Host Forensics
Understanding Windows, Active Directory and Linux/Unix core functions like:
processes and services/daemons
file systems (NTFS, ext3, ext4, APFS and others)
registry on Windows and core files in /etc/ on Unix
event logging on Windows and Unix/Linux
Any candidate must be able to analyse core evidence on Windows systems like:
prefetch, shimcache, LNK files and shellbags
timestamps in the file system and in NTFS files like $MFT, $J and $Logfile
common autostart locations in the registry and the Windows operating system
Host forensics can be done on the live operating system or on forensic hard drive images. The applicant must be able to perform both, and should know the right processes to preserve, gather and analyse evidence in both scenarios.
Memory Forensics
We expect experience in:
creating memory dumps with various tools
analysing memory dumps with Volatility, Rekall or other products
Networking Concepts and Network Forensics
For this job it is necessary to have at least a basic understanding of:
routing, switching and firewalling
knowledge about core protocols like DNS, SSH, SMB, Kerberos, SFTP, HTTP/S, ARP, SMTP, IMAP and DHCP
capturing packets with Wireshark or other common tools
analysing basic network traffic and recognizing the aforementioned protocols from their PCAP files
Attackers and Malware
The candidate must have experience in dealing with malware of all kinds. We expect knowledge about:
common attack vectors attackers use to compromise customer environments
different types of malware like trojans, worms and ransomware
persistence mechanisms on Windows and Linux
log analysis and correlation
Nice-to-have Skills and Experience
It is a bonus if the candidate has experience in some of the following areas:
security advisory and consulting
system administration
programming languages and scripting, especially Python or a high-level language like C#, C++
penetration testing, red teaming or vulnerability assessments
malware analysis
Experience with the following tools and software is beneficial, too:
write blockers from CRU and/or Logicube
Wireshark, Volatility (Volexity) and FTK Imager
X-Ways Forensics or any other professional tool for forensic investigations
Any other open-source or commercial tool to conduct digital forensic investigations
Microsoft Office and O365
Job Details
Job Location: Jubail, Saudi Arabia
Company Industry: Telecommunications and Networks; Information and Network Security; IT Services
Company Type: Employer (Private Sector)
Job Role: Information Technology
Employment Type: Unspecified
Monthly Salary: Unspecified
Number of Vacancies: Unspecified
Preferred Candidate
Career Level: Mid Career
https://www.bayt.com/ar/saudi-arabia/jobs/principle-consultant-dfir-4298329/