Contributes to digital forensic activities in pursuance of investigations and incident response. Performs repeatable, admin intensive processes by using industry established protocols and best practices.
Employs forensic tools and techniques to process and recover deleted, fragmented and corrupted data from digital media of all types. Conducts imaging and data extraction processes on a variety of media including laptops, removable media and basic mobile devices.
Observes proper chain of custody for evidence collection purposes. Documents procedures and findings and prepares comprehensive written notes and reports.
Can demonstrate awareness of best practice, including legal matters, to ensure all activities are conducted in a forensically safe manner when handling exhibits. This includes labelling of evidence, not making changes to or interfering with evidence, and understanding the implications of and documenting any instance where this has occurred.
Follows procedures to investigate incidents and conduct forensic analysis.
Learns to conduct self-initiated research into forensic techniques and toolsets to keep current with best practice. Maintains awareness of any new legal constraints or case legislation.
Maintains a thorough awareness of the methods and tools used in the organisation.
Configures methods and tools for effective use, within a known context. This may involve one or more of the following activities: tool development, process definition, hardware/software installation, customisation, testing, documentation.
Provides expertise and support on the use of existing methods and tools.
Creates and updates the documentation of methods and tools.
Uses methods and tools in trials, under the direction of a more experienced colleague, identifying the strengths and weaknesses of the trial subject.
Conducts automated and manual vulnerability assessments. Creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Assesses effectiveness of security controls for infrastructure and application components and recommends remedial action.
Produces test scripts, materials and test packs to test new and existing software or services. Specifies requirements for environment, data, resources and tools.
Conducts automated and manual penetration testing including system exploitation. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results. Reviews test results and modifies tests if necessary.
Demonstrates and documents flaws in security and prepares formal reports. Provides reports on progress, anomalies, risks and issues associated with the overall project, software or service(s). Reports on system quality and collects metrics on test cases.
Maintains current knowledge of malware attacks and other cyber security threats.
Provides specialist advice to support others.
Reviews compliance with information security policies and standards. Assesses configurations and security procedures for adherence to legal and regulatory requirements.
Qualifications and Experience
Applying automated systems to support specific business functions or processes and operational support systems. A DevOps approach may be taken where development and operational staff work together. Examples, but not limited to: enterprise resource planning and email services.
Corporate, Industry and Professional Standards
Applying standards, practices, codes, and assessment and certification programmes relevant to the IT industry and the specific organisation or business domain.
Knowledge of the IT/IS infrastructure (examples, but not limited to: databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency (examples, but not limited to: virtualisation and on demand services).
Network Traffic Analysis
Methods and techniques for the capture of traffic information (packet level) and the forensic analysis of this information into its constituent elements.
The principles and application of cloud/virtualisation (including ownership, responsibilities and security implications). Use of tools and systems to manage virtualised environments. Examples, but not limited to: server/desktop virtualisation and SDDC (Software Defined Data Centre).
The policy of permitting employees to bring personally owned mobile devices (laptops, tablets, smart phones etc.) to their workplace, and the implications of using those devices to access privileged company information and applications, consistent with safeguarding corporate systems and data and taking account of security and confidentiality requirements. Also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC).
Incident Management Tools
Including interrogation of the incident database, creation of parent and child incidents, creation of queries to identify trends, and use of known error logs/databases.
Endava is reimagining the relationships between people and technology. For the past 20 years it has helped some of the world's leading Finance, Insurance, Telecommunications, Media, Technology and Retail companies accelerate their ability to take advantage of new business models and market opportunities. We have more than 8200 employees located close to client locations in Denmark, Germany, Netherlands, United Kingdom, United States and in nearshore delivery centers in the EU: Romania, Bulgaria, Croatia and Slovenia; Central European Countries: North Macedonia, Moldova, Serbia and Bosnia and Herzegovina; Latin America: Argentina, Colombia, Uruguay and Venezuela.