Job description

At V4ensics we provide specialized cybersecurity services, namely digital forensics, malware analysis, expert witness testimony, incident response. In this context we offer a constant learning environment where employees meet new challenges every day as they dwell into handling incident or expert-witness cases, which might entail from a business e-mail compromise up to ransomware incidents, identify theft cases, copyright infringement cases, fraud cases etc. For this purpose, we are seeking a Mid Senior / Senior Digital Forensics Specialist, who will be part of a dynamic, growing team, responsible to dwell into any given information security incident or expert witness case.

Essential Responsibilities

• Identify the needs of a case and design a strategy to meet those needs
• Identify, acquire, and preserve evidence from existing systems in a forensically sound manner
• Analyze acquired evidence to meet the strategic needs of the investigation whilst maintaining an open mind as to the eventual outcome
• Be able to adjust to a case circumstances, think analytically and think of best (strategical / technical) approaches to handle a case
• Be able to research, document, and report on investigated incidents
• Use digital forensics / IR tools and be able to configure/tune these tools, as well as develop custom scripts if need be
• Report findings both verbally and in writing (in Greek or English) in a manner appropriate to the knowledge and experience of the audience
• Be able to demonstrate leadership abilities and ability to work under pressure / tension
• Maintain confidentiality, always using discretion and sound judgment
• Work from times to times off hours in case the need arises (e.g. a customer has a potential security incident and engages v4ensics to assist) – in such cases relevant additional compensation will be provided as predicted by the law –

Basic Qualifications

• 4-year degree in Computer Science or a related technical degree
• Master in Information Security or Digital Forensics will be considered a plus
• Strong verbal and written communication skills (in English and Greek)
• 3+ years’ of actual working experience in actual incident handling or digital forensics investigations
• 2+ years’ experience as a Security/Network/System Administrator or equivalent knowledge will be considered a plus.
• In-depth knowledge of various operating systems (Microsoft Windows, Linux, MacOS, Android, etc.)
• General knowledge of TCP/IP Protocols, Network analysis, Packet capture, Routing/Switching, Network segmentation, Network/System/Host level operating principals and security controls will be considered a plus.
• Working knowledge of various relational database technologies (Microsoft SQL, MySQL, Oracle, etc.) will be considered a plus
• Working knowledge of various security methodologies, processes, and technical security solutions (e.g. Firewalls, IDS/IPS, SIEMs, Auditing/Logging, etc.) will be considered a plus
• General knowledge of cloud based technologies and cloud security architecture basics will be considered a plus.
• Network+, Security+, CEH or related SANS certifications will be considered a plus
• Digital Forensic certifications (e.g. ENCE, CFCE, ACE) will be considered a plus
• Knowledge of Greek legal environment regarding cyber-crime will be considered a plus
• Expert-witness experience, namely experience with the legal system, either Criminal or Civil (even through provision of evidence / testimony before a Court) will be considered a plus

Desired Practical Technical Expertise

• Hands-on experience with Digital Forensics and Incident Response tools
• Experience of using EnCase or a similar forensic tool deployed across an Enterprise environment will be considered a plus
• Hands-on experience responding to events in on-premises and cloud-based environments such as Amazon Web Services and Microsoft Azure
• Hands-on experience with Antimalware solutions, such as McAfee, Norton, ClamAV, etc.
• Hands-on experience in using scripting languages such as JavaScript, PHP, VBScript, Perl, Python, Ruby, etc.
• Experience of using IDS/IPS monitoring and analysis tools will be considered a plus
• Experience of using network traffic and log analysis tools will be considered a plus
• Basic experience in malware analysis will be considered a plus
• Experience on using Elasticsearch based tools will be considered a plus

Clearance:

• Applicants selected will need to prove a clean criminal record and might be subject to a security investigation, in order to meet eligibility requirements for access to classified information.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; be passionate on their work; deliver in time and be focused, and drive ownership –always with unyielding integrity.

Job description

V4ensics Cybersecurity Consulting Services (e.g. Vciso, auditing) assist executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.  For this purpose, we are seeking a Senior / Mid – senior cybersecurity consultant, who will be part of a dynamic, growing team, who will work with our clients to get to know their business whilst guide their organization against national and international information security standards (e.g. ISO 27001). The provided cybersecurity consultant guidance will allow them to achieve a state of enhanced and sustainable Information Resilience.

Key Responsibilities

• Serve as the customer’s lead information security officer, overseeing all security initiatives, policies, and procedures
•  Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
•  Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise’s information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems

Key Duties

• Serve as a customer’s lead information security officer, overseeing all security initiatives, policies, and procedures
• Develop, implement, and monitor information security policies and procedures
• Develop and implement information security strategies including vulnerability assessments and penetration testing, and cybersecurity awareness and training.
• Perform information security awareness and training, either in person or through for example social engineering campaigns delivered through specialized platforms or open source tools
• Translate IT security risks into actionable requirements.
• Research emerging security threats and vulnerabilities and advise management on appropriate countermeasures.
• Create and implement strategic plans to secure a  customer’s IT infrastructure
• Perform risk assessment and vulnerability analysis
• Evaluate adequacy of third-party service providers
• Develop and implement security incident response plans
• Monitor and audit IT and company records

Qualifications/Requirements

• Bachelor Degree in Computer Science/Information Security or equivalent combination of education and experience that satisfy the requirements of the position
• Master in Information Security will be considered a plus
• Minimum of 7 to 10 years of experience as an Information Security Officer/Auditor or in a combination of risk management, information security and IT roles     4+ years’ of working experience as an information security auditor and / or an Information Security Officer
•  A recognized information security certification (e.g., CISM, CISSP, ISO 27005, ISO 27001) will be considered a plus.
• Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS, and penetration testing
• Knowledge of industry best practices, standards and regulations (ISO27001, ISO27005, GDPR, PCI-DSS…)
• Excellent written and verbal communication skills (in Greek and English)
• High level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Strong passion and interest in information security
• Ability to collaborate with both technical and non-technical staff
• Ability to understand different business / organizational environments
• Organized, proactive and customer-oriented individual
• Good analytical skills with the ability to clearly explain and summarize ideas
• Strong critical thinking and problem solving skills
• Self-motivated individual and able to work methodically with minimal supervision
• Positive can-do attitude with a mature and professional approach

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; be passionate on their work; deliver in time and be focused, and drive ownership –always with unyielding integrity.