Job Purpose
The ICE Cybersecurity Digital Forensics and Incident Response (DFIR) team is responsible for defending critical financial infrastructure from Global Cyber threats. This role is suited for both entry-level analysts and experienced engineers, with responsibilities and growth opportunities tailored to each level. You will work alongside experienced professionals to investigate security events, analyze data, and contribute to protection of ICE's digital assets.
Responsibilities
- Email Threat Analysis: Review and triage user reported emails to identify phishing attempts, malware delivery, and other malicious content. Take appropriate containment actions and support eradication efforts to prevent recurrence.
- Data Loss Prevention: Analyze DLP alerts to detect potential data exfiltration or policy violations.
- Operations: Handle stakeholder requests and enquiries related to cybersecurity operations. Address security concerns by providing guidance, resolving access or policy-related issues, and coordinating with internal teams to ensure timely and secure solutions.
- Incident Detection and Response: Detect, document, investigate, and resolve security incidents in an efficient manner.
- Intrusion Detection & Alert Tuning: Monitor security tools and telemetry for signs of compromise. Contribute to tuning detection rules to reduce false positives and improve alert fidelity.
- Behavioral Analysis: Develop and implement criteria to detect anomalous user behavior that may indicate insider threats or policy violations.
Desirable Knowledge and Experience
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, related technical field, or equivalent practical experience.
- Exposure to software development environments or financial services is a plus.
- Hands-on experience with enterprise security tools including SIEM (e.g., Splunk, QRadar), IDS/IPS, forensic suites (e.g. EnCase, Volatility, Autopsy, X-Ways, Magnet Axiom), and malware analysis platforms.
- Proficient in at least one scripting language (e.g. Python, Bash, PowerShell, JavaScript, etc.)
- Experience in cloud and container security, including incident response in AWS, Azure, and hybrid environments.
- Familiarity with MITRE ATT&CK framework and threat intelligence platforms.
- Demonstrated ability to communicate complex technical findings to both technical and non-technical audiences.
- Relevant certifications such as GIAC GCFA, GCIA, GCIH, CISSP, or OSCP.
