Job Details

ID #44745819
State Arizona
City Phoenix
Job type Permanent
Salary USD TBD TBD
Source Charles Schwab & Co., Inc.
Showed 2022-08-10
Date 2022-08-09
Deadline 2022-10-08
Category Et cetera

Digital Forensics Incident Response Analyst

Arizona, Phoenix, 85001 Phoenix USA

Vacancy expired!

Your Opportunity

The CSOC consists of 3 work streams; SOC (Security Operations Center), DFIR (Digital Forensics Incident Response) and Cyber Threat-Intelligence. DFIR is responsible for the identification, collection, correlation, analysis, and reporting of computer-related security events and incidents. This includes data collection and analysis from internal and external sources, to achieve the goal of reducing risk to the firm.

This individual works closely with a broad range of professionals at all levels within Schwab technology, internal and external legal, HR, and business representatives. The position will conduct investigations for malware campaigns and social engineering. The Security Incident Response Sr. Engineer will receive and respond to escalations from the Security Event Center. They will be expected to use cyber intelligence to proactively seek out threats and protect the firm from harm.

What you are good at

  • Liaison with Business Units, HR, Legal and/or external entities - Strong EnCase background
  • Assist in development and maintenance of the DFIR functions
  • Understand all phases of Incident Response and know which tasks occur at each phase: identification, containment, remediation, recovery, after action reporting/lessons learned
  • Participate in malware campaigns and malware analysis, including static, dynamic and reverse analysis
  • Complete technical forensics to include computer, memory, mobile and network forensics
  • Threat hunting; run searches against the SIEM for data hits or malicious activity
  • Identify type of attack and mitigating security reaction: Denial of Service attacks (DNS, DDoS, Layer 7, etc.)
  • Utilize Cyber Intelligence work product for threat hunting and gauging our security posture to further strengthen security controls or providing information regarding findings to cyber intelligence
  • Develop indicators and cyber intelligence data to supply the Cyber Intelligence function with data for sharing, reporting and metrics
  • Handle high level incident response investigations coming from the Security Event Center, such as targeted web application attacks, DDoS attacks, Malware analysis or persistent scanning or foot printing activities
  • Ongoing networking, building intelligence networks
  • Continuous learning to maintain competitive advantage in the security space
  • Review of current tools and processes to find efficiencies or increased
  • Conduct investigations for malware campaigns, social engineering campaigns, and data breach events
  • Respond to 2nd level security events from the SOC in a timely manner. This may include malware analysis, targeted attacks, social engineering campaigns, DDoS attacks and related activities with 24x7 coverage

What you have

  • Serve as Incident Response Handler for the CSOC
  • Advanced malware analysis and response. Dynamic, Static and reverse analysis
  • Computer, Memory & Network Forensics knowledge
  • Knowledge of chain of custody and proper evidence handling
  • Advanced and current knowledge of malware families, campaigns and related threat groups
  • Experience with networking environments including Windows networking, Cisco, Juniper
  • Experience with Unix, Linux, Mac operating systems
  • Experience with litigation support and e-discovery
  • Support complex investigations into criminal activity, computer security incidents, policy violations, and compliance inquiries using forensic best practices
  • Knowledge of social engineering campaigns, exploit kits, tactics and techniques used by threat groups.
  • Assists in threat hunting operations with the CSOC
  • Advanced knowledge of network security and DoS/DDoS attacks and mitigation, including DNS and Layer 7 attacks.
  • Advanced knowledge of web attacks and response (Web Application Firewalls, Network Firewalls, etc)
  • CISSP preferred
  • Industry Certification Required (This may be application agnostic or Major Vendor Security Certification). Examples would be ISC2, SANS, EnCe, Access Data or other.
  • Military education or experience may be considered in lieu of civilian requirements listed

Workplace Flexibility Program: We're proud to support our employees in a working approach that allows you to bring your best self to work - whether that's in the office or remote.
  • Most Schwabbies have the opportunity to voluntarily work in the office or at home based on their preference
  • When the firm is ready to fully return to the office, employees will have the flexibility of a hybrid work environment, spending some time working remote and some time in the office.
  • Employees and managers can discuss and decide what works best for them, with additional flexibility available based on their role, business needs, and individual circumstances.
Subject to change as Schwab is continually evaluating the current environment in order to best care for the safety and well-being of our employees.

Why work for us?

Own Your Tomorrow embodies everything we do! We are committed to helping our employees ignite their potential and achieve their dreams. Our employees get to play a central role in reinventing a multi-trillion-dollar industry, creating a better, more modern way to build and manage wealth.

Benefits: A competitive and flexible package designed to empower you for today and tomorrow. We offer a competitive and flexible package designed to help you make the most of your life at work and at home, today and in the future.

Schwab is committed to building a diverse and inclusive workplace where everyone feels valued. As an Equal Opportunity Employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law.

Schwab is an affirmative action employer, focused on advancing women, racial and ethnic minorities, veterans, and individuals with disabilities in the workplace. If you have a disability and require reasonable accommodations in the application process, contact Human Resources at or call .

TD Ameritrade, a subsidiary of Charles Schwab, is an Equal Opportunity Employer. At TD Ameritrade we believe People Matter. We value diversity and believe that it goes beyond all protected classes, thoughts, ideas, and perspectives.
