
DFIR Engineer

Ellington Solutions, Atlanta, GA


Job Description

Ellington Solutions is seeking qualified candidates who will:

  • Apply practical experience in Digital Forensics & Incident Response (DFIR)
  • Carry out comprehensive forensic examinations on endpoints
  • Conduct proactive threat hunting
  • Work in conjunction with SOC Tier 2 analysts to offer technical insights
  • Evaluate and address cyber threats in real-time
  • Participate in investigations related to incident response
  • Utilize advanced security tools (e.g., CrowdStrike, Splunk)
  • Engage in team meetings, share knowledge, and contribute to process enhancements
  • Uphold high standards of communication and documentation

Requirements

The qualified candidates will have:

  • U.S. Citizenship (Required)
  • At least five years of experience in Cybersecurity or a similar discipline.
  • Proficient in one or more cloud platforms and familiar with cloud security practices.
  • Comprehension of computer networking principles and protocols, along with network security methods such as network traffic analysis and packet-level scrutiny using tools like Wireshark and tcpdump.
  • Acquainted with Windows and Unix ports and services.
  • Familiarity with current identity and access management strategies.
  • Hands-on experience with automation, machine learning, and/or artificial intelligence.
  • Knowledge of various types of digital forensics data, with the capability to identify and collect persistent data.
  • Understanding of different file system architectures (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]), and awareness of which system files (e.g., log, registry, and configuration files) contain relevant information and their respective locations.
  • Knowledge of protocols for the collection and preservation of digital evidence.
  • Proficiency in Digital Forensics & Incident Response (DFIR), as well as expertise in Threat Hunting and Incident Response at a Tier 3 level.
  • Strong communication, organizational, and collaborative skills.
