Capital One
Senior Associate, Digital Forensic Examiner (DFE)
Capital One, Mc Lean, Virginia, us, 22107
Senior Associate, Digital Forensic Examiner (DFE)
Capital One
is looking for a Digital Forensic Examiner (DFE) to join the Cyber Insider Threat & Technical Investigations team. The DFE role will work closely with other Cyber teams and Lines of Business (LOBs) to support internal investigations, incident response, and external investigations. Role duties include conducting forensics collections, data preservation, and analysis of data artifacts collected from electronic devices such as laptops, workstations, servers, cell phones, and multi-cloud architecture. Responsibilities: Secure handling/collection of digital evidence and maintaining chain of custody Assist internal investigations leveraging the use of digital forensics technologies, practices, and philosophies Support partner external investigations/incident response Managing multiple cases and prioritizing workload Develop, follow, and maintain documentation (job aids, playbooks, SOPs, etc.) which provide a visual depiction of various operational investigative workflows Identify and enhance processes where automation has the potential to improve efficiency Create, prepare, and defend detailed technical investigative reports for presenting findings to leadership, corporate investigations, and legal partners Assist in maintenance and testing of forensic tooling and processes ensuring integrity of forensics collection, preservation, and analysis across an evolving ecosystem Occasional travel to Forensic Labs at Capital One people centers may be required Basic Qualifications: High School Diploma, GED or equivalent certification At least 2 years of experience working in cybersecurity or information technology At least 2 years of experience in digital forensics, incident response or cyber investigative analysis At least 2 years of experience with computer hardware components, file systems, computer networks, IT security or incident response Preferred Qualifications: Bachelor’s Degree in Digital Forensics, Computer Science, Information Systems, or Software Engineering 2+ years of experience with forensic preservation, collection, and analysis of operating systems, e-mail systems, or mobile devices 2+ years of experience leading or conducting cyber technical investigations utilizing one of the following digital forensics and incident response tools: EnCase, FTK, Axiom, X-Ways, or Cellebrite 2+ years of technical troubleshooting experience 1+ years of experience with Insider Threat or Data Loss Prevention programs, incident management, or investigative programs and the ability to identify anomalous activities and associated risks 1+ years experience in investigating cloud computing platforms including AWS, GCP, or Azure 1+ years of experience writing queries in Structured Query Language (SQL) or Kibana Query Language (KQL) with a focus on log parsing 1+ years of experience developing and communicating recommendations to non-technical business areas 1+ years of experience with evidence handling and chain of custody procedures One or more of the following recognized industry certifications: GIAC GCFA, GIAC GCFE, GIAC GSAF, CFCE, CCE, GCIA, GCIH, Security+, EnCE, or CISSP At this time, Capital One will not sponsor a new applicant for employment authorization for this position. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days. No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace.
#J-18808-Ljbffr
Capital One
is looking for a Digital Forensic Examiner (DFE) to join the Cyber Insider Threat & Technical Investigations team. The DFE role will work closely with other Cyber teams and Lines of Business (LOBs) to support internal investigations, incident response, and external investigations. Role duties include conducting forensics collections, data preservation, and analysis of data artifacts collected from electronic devices such as laptops, workstations, servers, cell phones, and multi-cloud architecture. Responsibilities: Secure handling/collection of digital evidence and maintaining chain of custody Assist internal investigations leveraging the use of digital forensics technologies, practices, and philosophies Support partner external investigations/incident response Managing multiple cases and prioritizing workload Develop, follow, and maintain documentation (job aids, playbooks, SOPs, etc.) which provide a visual depiction of various operational investigative workflows Identify and enhance processes where automation has the potential to improve efficiency Create, prepare, and defend detailed technical investigative reports for presenting findings to leadership, corporate investigations, and legal partners Assist in maintenance and testing of forensic tooling and processes ensuring integrity of forensics collection, preservation, and analysis across an evolving ecosystem Occasional travel to Forensic Labs at Capital One people centers may be required Basic Qualifications: High School Diploma, GED or equivalent certification At least 2 years of experience working in cybersecurity or information technology At least 2 years of experience in digital forensics, incident response or cyber investigative analysis At least 2 years of experience with computer hardware components, file systems, computer networks, IT security or incident response Preferred Qualifications: Bachelor’s Degree in Digital Forensics, Computer Science, Information Systems, or Software Engineering 2+ years of experience with forensic preservation, collection, and analysis of operating systems, e-mail systems, or mobile devices 2+ years of experience leading or conducting cyber technical investigations utilizing one of the following digital forensics and incident response tools: EnCase, FTK, Axiom, X-Ways, or Cellebrite 2+ years of technical troubleshooting experience 1+ years of experience with Insider Threat or Data Loss Prevention programs, incident management, or investigative programs and the ability to identify anomalous activities and associated risks 1+ years experience in investigating cloud computing platforms including AWS, GCP, or Azure 1+ years of experience writing queries in Structured Query Language (SQL) or Kibana Query Language (KQL) with a focus on log parsing 1+ years of experience developing and communicating recommendations to non-technical business areas 1+ years of experience with evidence handling and chain of custody procedures One or more of the following recognized industry certifications: GIAC GCFA, GIAC GCFE, GIAC GSAF, CFCE, CCE, GCIA, GCIH, Security+, EnCE, or CISSP At this time, Capital One will not sponsor a new applicant for employment authorization for this position. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days. No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace.
#J-18808-Ljbffr