Job title: Computer Forensic & Incident Management Manager
Organization National Information Technology
Category: IT/Software Development
Closing date: October 14, 2013
Key Result Areas/ Accountabilities
• Act as a Subject Matter Expert (SME) for incident response and forensics
• Manage and perform incident response activities including:
a. Searching device and server logs.
b. Locating malware on a computer
c. Identifying the attack vector
d. Remediating infected computer(s)
e. Building a timeline showing how the incident unfolded.
f. File carving
g. Briefing customer on extent of incident and response strategy
h. Perform storage forensics and Utilize Company-owned forensic tools (Encase, FTK, Helix, Wireshark, etc.) and other incident responses tools in the course of investigations
i. Utilize other Incident response tools such as nmap, Wireshark and Snort,
j. Perform network storage forensics (for example, capturing network traffic for analysis)
k. Perform file-system analysis and file carving (for example, to extract email, documents, and other trace evidence)
l. Establish timelines and patterns of activity of individuals and electronic devices and software
m. Follow forensically sound practices, including preserving chain of custody
n. Consult with Company legal team on privacy, policy and compliance concerns
o. Develop company wide remediation plan of actions as a result of investigative discovery within company business and IT infrastructure
p. Adequately communicate with all key stakeholders to ensure both confidentiality of information and expedient evidence collection
Required Minimum Qualifications:
• Bachelor’s degree in Computer Science, Information Technology, Information Science, Information Systems information Security or a related field from a recognized university
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA) credential is an added advantage
• A post graduate in a relevant field will be an added advantage.
• Networking and Operating Systems certifications / credentials.
• Broad information security knowledge and experience
• Working knowledge of forensic tools such as Encase, FTK, Helix, Knoppix, Slax, Sleuthkit, SIFT, BlackLight and/or MacForensicsLab
• Familiarity with the following technologies: Active Directory, Virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, Active Directory, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS
• Understanding of risk-based frameworks
• Understanding of one or more frameworks: PCI-DSS, Sarbanes Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST
• Very good understanding of MS Windows architecture and design
• Strong understanding of networking protocols such as RIP, EIGRP, OSPF, network tools such as wireshark and nmap and networking principles such as subnet masks, CIDR and spanning-tree protocol
• Ability to work on own initiative as well as in a team.
• Excellent business acumen.
• Analytical and problem –solving skills.
• Excellent interpersonal and communication and report writing skills.
• Capacity to establish credibility, trust and partnership.
• At least 3 years active experience as part of an incident response team working as an IR Handler (either in-house or as a consultant)
• Experience managing large and small scale incidents
• Experience leading digital forensic investigations
How to apply:
All interested applicants who meet the job requirements/specifications and with the right personal attributes are invited to submit their application form (which can be down loaded from the NITA-U official website www.nita.go.ug), with a cover letter, curriculum vitae, and must specify day time telephone contact, postal and email addresses of both the applicant and three referees, copies of certificates and testimonials to the address below. Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts.
No application will be accepted without a duly signed standard application form.
The Executive Director,
National Information Technology
Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: firstname.lastname@example.org