Digital Forensic Investigator at Anglo American

Job Description:
Job responsibilities include (but are not limited to):

• As a Digital Forensics Analyst, the role is to support Cyber Investigations with corporate investigations and the Security Operations Centre with incident response.
• Utilise forensic tools and techniques to recover and preserve data from digital devices and cloud sources.
• Stay abreast of digital forensics best practices and evolving cyber threats to enhance investigation and incident response capabilities.
• Assist in the development and improvement of digital forensics procedures and protocols.
• Maintain the chain of custody and ensure the integrity of digital evidence throughout the investigation process.
• Utilise e-discovery software to support investigations and breaches.
• Utilise security log collection and analysis to support investigations and breaches.
• Conduct digital investigations, collecting and analysing electronic evidence for corporate investigations and cyber security purposes.
• Collaborate with law enforcement, legal teams, and internal stakeholders to support digital investigations.
• Prepare detailed forensic reports and legal format/expert testimony for use in legal proceedings.
• Understanding the Incident Response process and how forensics support the process.
• Perform forensic analysis of malware and other cyber infections to establish behaviours, processes and steps of an attack and communicate these to threat hunting and intelligence teams.

Qualifications:

• (Bachelors / Honours degree or equivalent) in computer science, business informatics, engineering/technology or equivalent.
• Professional certifications and experience in Information Security from industry standard security frameworks, e.g. ISACA, BCS, CIPP, ITIL, Crest, ISC2, COMPTIA and key security vendors including Microsoft, Crowdstrike, Qualys, IBM.

Technical knowledge(experience) required for role:

• Advanced knowledge of computer systems, data recovery, network protocols, file formats, encryption, and chain of custody procedures.
• Advanced knowledge of forensic software and hardware; Axiom, FTK, Cellebrite, remote collection processes.
• Advanced knowledge of e-discovery software and processes; Epic, Nuix, Microsoft Purview
• Understanding of threat actors, attack vectors, and emerging cyber threats.
• Knowledge of cloud security principles and best practices.
• Awareness of relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, NIST).
• Understanding of mobile device security, including mobile operating systems and app security.
• Understanding of encryption algorithms, key management, and secure communication protocols.
• Experience with securing and log analysis of cloud environments on platforms like AWS, Azure, or Google Cloud.
• Ability to analyze network traffic and user account activity to identify anomalies.
• Understanding of data breaches and the process of collection, investigation and reporting in region.
• Ability to implement encryption solutions to protect data at rest and in transit.

Technical skills 

• Understanding of network protocols, architectures, and components.
• Ability to configure and manage network security devices.
• Familiarity with firewalls, intrusion detection/prevention systems (IDS/IPS), and network monitoring tools.
• Proficiency in securing various operating systems, including Windows, Linux, and macOS.
• Knowledge of system hardening techniques, patch management, and access controls.
• Ability to monitor and analyze threat intelligence sources to identify potential risks.
• Understanding of security assessments and penetration testing.
• Experience in configuring data loss prevention (DLP) policies and monitoring data flows.
• Understanding of DLP solutions to prevent unauthorized data leakage.
• Understanding of secure coding principles to develop and maintain secure applications.
• Understanding of TCP/IP protocols, subnetting, routing, and network architecture.