EY Digital Forensics and Incident Response Handler & regional Lead in Australia

Digital Forensics and Incident Response Handler & regional Lead

Core Business Services

Requisition # AUS0019W

Post Date 3 days ago

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.

With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job Summary:

The Digital Forensics & Incident Response (DFIR) Incident Handler & Regional Lead will address security incidents, hunt for security risks and incidents within the environment, and act as a supporting team member in Cyber Defense. This position requires a good understanding of the technology, tools, policies, and standards related to security systems and incident response. The incumbent must be able to work at a proficient technical level in digital forensics, security incident response, and malware analysis; identify threat vectors and security incidents; remediate, or coordinate the remediation of, a security incident; and develop documentation to support the security incident response process. Risk assessment techniques and good communication skills are a plus.

In addition, this individual will act as regional lead for the team of Incident Analysts, managing those individuals and serving as an escalation point for incident case work.

Key responsibilities:

  • Lead the investigation, coordination, resolution, and reporting of security incidents as they are escalated or identified

  • Manage the regional DFIR Incident Handler/Analyst team

  • Forensically analyze end-user systems and servers found to have possible indicators of compromise

  • Analyze artifacts collected during a security incident or forensic examination

  • Identify security incidents through threat-hunting operations in a SIEM and other relevant tools

  • Interface and communicate with server owners, system custodians, and IT contacts to carry out security incident response activities, including obtaining access to systems, collecting digital artifacts, and performing containment and/or remediation actions

  • Provide consultation and assessment on perceived security threats

  • Maintain, manage, improve and update security incident process and protocol documentation

  • Regularly provide reporting and metrics on case work

  • Resolve security incidents by identifying root cause and corrective actions

  • Analyze findings in investigative matters and develop fact-based reports

  • Demonstrated integrity and judgment within a professional environment

  • Ability to appropriately balance work/personal priorities

Knowledge, skills, and experience requirements:

  • Demonstrated integrity in a professional environment

  • Global mindset for working with people of different cultures and backgrounds

  • Knowledge of industry-standard security incident response processes, procedures, and lifecycle

  • Excellent teaming skills

  • Good social, communication, and writing skills

  • Must be willing to be on call outside business hours, in rotation with other team members (required)

  • 7+ years' experience in at least two of the following roles:

      • SOC Analyst

      • Security Incident Response Analyst or supporting function (3 years minimum)

      • eDiscovery or related role performing forensic functions

  • Deep understanding of security threats, vulnerabilities, and incident response

  • Understanding of electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensically sound handling of electronic data, computer security investigative processes, and malware identification and analysis

  • Basic understanding of the legal considerations surrounding electronic discovery and analysis

  • Experience with SIEM technologies (e.g. Splunk)

  • Deep understanding of both Windows and Unix/Linux operating systems

  • Experience with managerial responsibilities and oversight of employees

Qualifications, certifications, and education requirements:

  • Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or a related field

  • Candidates must hold or be willing to pursue related professional certifications such as GCFE, GCFA, GCIH, CISM, or CISSP

Who we are

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service while allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.