CenturyLink Digital Forensics and eDiscovery Engineer in DENVER, Colorado
CenturyLink (NYSE: CTL) at http://www.centurylink.com/ is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.
The Lead Information Security Engineer in Forensics and Discovery Services (FADS) is responsible for performing forensic examinations and litigation discovery (eDiscovery). In addition to being well-versed in employing a variety of forensic and data management tools to search, locate, copy, analyze, produce and report on Electronically Stored Information (ESI), the Candidate will develop and maintain tools and processes that enable the group to continuously improve. The candidate will work closely with other groups/departments starting with the CIRT (Cybersecurity Incident Response Team) and extending to Legal, Records, Corporate Compliance, Human Resources/Labor Relations, Information Technologies/Messaging and other business units as the need arises.
In addition to being a very effective verbal and written communicator, the candidate should have excellent analytical and problem solving skills related to operating systems, virtualization, encryption, forensics, investigation techniques and application development/programming.
Perform (and provide training and support for) Forensic investigations, CIRT forensics and eDiscovery
Utilize programming skills (Python, Perl, etc.) to improve team capabilities and efficiency.
Contribute to the deployment of FADS infrastructure implementation projects
Tertiary escalation point of contact for Records, Legal, Legal Hold, Forensics, eDiscovery and Data Recovery.
Maintain forensic lab systems, knowledgebase, indexes and databases
Software and hardware configuration/installation planning.
Software and hardware problem resolution escalation.
Develop and Maintain Process and Best Practices Documentation
Interface with Information Security Engineering, Compliance, Records, Legal and IT for issues, projects, and security concerns/ solutions.
Contribute to architectural direction/recommendations for the FADS team to management for all technical project and planning concerns.
Represent the FADS team as subject matter expert in all areas and role scopes with management, other departments, and vendors.
Self-supervising within guidance and expectations of management
Provides guidance to departments/many groups of the Corporate Security organization
Acts independently at the organizational level. Outcomes reviewed by Senior Leadership
Able to effectively train people outside his/her work group. Able to give effective presentations to critical/high level management/customers and effectively represent the FADS group on review panels and cross-organizational teams. Can write convincing proposals and reports with all necessary backup material for external consumption.
Education: 5+ years of dedicated Incident Response and Computer Forensics work experience
Certification (applicable list, at least one of the following): CISSP, EnCE, GCFA, CCE, CFCE, CSFA, and, in addition, any vendor product certifications (if training is supported)
Consistently demonstrates extremely high levels of technical knowledge, ingenuity and creativity. Develops and applies advanced technologies, engineering principles, theories and concepts. Broad knowledge about the design and operation of systems outside of specialty.
Be able to learn master and teach in the following technical subject areas
Multiple OSes, Windows 7/10/Server, 'Nix variants including Red Hat, Ubuntu, Cent OS, Mac OS, Mobile Device platforms
Host Forensics: Enterprise and open-source forensic programs and supporting tools
Network Forensics: Wireshark/add-ons or similar
Memory Forensics: Memoryze, Redline, Volatility or similar
Virtual machine environments including for research and testing and including knowledge of different virtual file formats and VM management
Attack Forensics: Nessus, Metasploit and other tools
Maintain a knowledge of forensic and anti-forensic techniques, modern hacker tools, methodology, and attack trends, when necessary conducting research to find, learn and deploy new forensic tools and techniques.
Maintain forensic examination report documentation, participate in post-mortems, and write incident reports.
Maintain FADS process documents for Forensics & eDiscovery
Maintain forensic lab systems, knowledgebase, indexes and databases.
Alternate Location: US-Colorado-Denver
Requisition # : 213542
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.