Job Category: Information Technology

Manager, High Tech Investigations (BC)

Job Location: Jersey City, NJ

This position requires the ability to proactively work with others across the Enterprise to develop processes associated with User Behavior Analytics. The Manager provides specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence. The Manager will review identified risks from a UBA tool and work with the businesses, HR, Global Communications, Privacy, Compliance, Risk and other departments on dealing with output from the tool. The Manager observes proper evidence custody and control procedures, documents procedures and findings and prepares comprehensive written notes and reports. In addition to the UBA focus area, the Manager will be tasked with traditional investigative and forensic activities. Analysis of the collected information/intelligence will be utilized to improve the company’s security and investigative posture.

The Manager will have the opportunity to identify new tools and methods for proactively identifying misconduct involving computer technology. The successful candidate will possess strong technical and interpersonal skills, will provide technical subject matter expertise and will have proven ability to handle multiple high-profile matters and to work under pressure with minimal supervision. The Manager may be asked to participate in a variety of industry working groups and task force operations within the tri-state area.

Roles & Responsibilities:
Establish and oversee the tools, processes, and operations of user behavior analytics. Conduct risk-based analysis of users and groups across the entire enterprise; develop investigative action plans based on findings. Work with a cross section of other control functions within the Enterprise to identify and respond to alerts. Lead highly sensitive, complex, and confidential high-tech investigations into incidents of data loss and intellectual property theft, technology misuse, conflict of interest, and other types of matters. Actively work with partners across numerous cybersecurity and investigative focus areas. Forensically preserve electronically stored information (ESI), perform data analysis, and perform e-discovery collections in support of corporate investigations. Perform real-time incident handling, including forensics collections and intrusion correlations and tracking. Conduct and memorialize investigative interviews and generate investigative summary reports outlining the investigation process and results. Assist the High Tech Investigations Unit as necessary with other investigative engagements.

Required Qualifications:
Over 7 years professional experience, including at least five years of insider threat, UBA, or high-tech investigation program experience, a minimum of two years involving financial services investigations. Must have a history of independently leading investigations with minimal supervision. Experience configuring and utilizing user and/or entity behavior analytics (UBA/UEBA) products such as Risk Fabric and Exabeam. Advanced knowledge of mainstream desktop/server operating systems (UNIX, Windows, OSX, and Linux) and file systems (NTFS, exFAT, FAT, HFS/HFS+, APFS, EXT2/3/4). Experience with commercial forensic utilities including X-ways, EnCase, Forensic Toolkit (FTK), BlackBag BlackLight, Internet Evidence Finder (IEF)/Axiom, Cellebrite Physical Analyzer, Oxygen Forensics, etc. Excellent analytical and problem-solving skills. Excellent written and oral communication skills. Industry-accepted certifications (EnCE, CCE, GCFE, GCFA, GCIH, GREM, CFCE, CISSP, etc.). Candidate must be a licensed driver and own reliable transportation.

Preferred Qualifications:
Advanced knowledge and experience using Splunk to execute complex search queries and generate reports. Advanced understanding of enterprise networking concepts and protocols. Experience with analysis of security events from multiple sources including but not limited to events from Security Information Monitoring (SIEM) tools, network and host based intrusion detection systems, firewall logs, system logs (Unix and Windows), mainframes, mid-range, applications, and databases. Advanced knowledge of mainstream mobile operating systems (iOS, Android, BlackBerry OS) and file systems (APFS, F2FS, JFFS2, YAFFS2, EXT/2/3/4). Advanced understanding of common server, desktop, and mobile operating systems (Windows, OSX, Linux) and corresponding file systems (NTFS, FAT, HFS+, EXT, iOS, Android, etc.). Experience with Microsoft’s Protection Center and the greater Office 365 architecture. Proven experience in conducting investigative interviews, including writing memorandums of interviews. Formal interview training is preferred. Experience with Carbon Black endpoint detection and response software. Experience performing random-access memory (RAM) forensics utilizing the Volatility Framework, Google Rekall, or Mandiant Redline. Experience performing static, dynamic, and reverse engineering of malicious software. Familiarity with common malware analysis tools including IDA Pro, Ollydbg, WinDbg, RegShot, Process Monitor, CaptureBAT, REMnux, Wireshark etc. Comprehensive understanding of adversarial exploitation, privilege escalation, persistence, and lateral movement techniques. Experience with open source forensic utilities and distributions including Autopsy/The Sleuth Kit, Plaso/Log2Timeline, Bulk Extractor, foremost, scalpel, SIFT, REMnux, CAINE, Raptor, etc. Knowledge of and experience with eDiscovery methodology, best practices, and processing and review platforms (Clearwell and Relativity preferred). Advanced knowledge of cloud computing platforms including Amazon Web Services (AWS) and Microsoft Office 365. Experience with automation scripting (Python, Perl, Ruby, PowerShell, Bash, etc.). Experience with Microsoft PowerShell, particularly with regard to writing queries for Office 365 user data. Experience with the gathering and analysis of threat intelligence. Experience with computer network surveillance/monitoring.

Please contact Brian Clark at


Recruiter LinkedIn Page