Information Security Forensic Response Analyst

  • Full time
  • WAWA - Wawa, Inc. - Corporate Office

Hiring company: Wawa

Job Description

Job Title: Forensic Response Analyst

Location: Corporate

Department: Information Technology

Band: Professional

Job Summary: The Forensic Response Analyst handles legal hold Electronically Stored Documents (ESD) requests, inventory and chain of custody for physical drives and forensic images. They provide thoroughly documented and correlated results of any non-compliance or misuse of Wawa corporate assets and network. In the event of an e-discovery event, this analyst will conduct the appropriate artifact collection and follow chain of custody practice to meet all legal requirements. This role works closely with HR, Legal and InfoSec leadership on findings and provides a detailed report of the entirety of the investigation.

Principal Duties:

  • Applies innovation, creativity, and thought leadership to drive the ongoing InfoSec organization towards the Cybersecurity Maturity model.
  • Maintains skills and capabilities required to support advanced forensic investigations for Wawa.
  • Conducts forensic examinations of digital and other multimedia evidence through the application of scientific practices for the recognition, collection, analysis, and interpretation of digital evidence for compliance and regulatory purposes.
  • Provides support in the detection, response, mitigation, and reporting of real or potential threats to the Wawa organization and assists in the automation of these processes.
  • Performs root cause analysis of forensic investigations for further enhancement of overall Wawa corporate policies.
  • Captures and documents intelligence processed for purposes of correlation and threat actor attribution.
  • Provides forensic analysis of network packet captures, DNS, EDR, proxy, host-based security and application logs, as well as logs from various types of security sensors.
  • Serves as a primary POC in forensic investigation activities such as collection of artifacts and retrieval of any physical devices like laptops and external devices.
  • Reports common and repeated problems (trend analysis) to InfoSec leadership and proposes process and technical improvements.
  • Provides written and verbal reports and updates to InfoSec leadership on active investigations and ongoing events.
  • Performs ongoing evaluation and validation of the forensic laboratory instrumentation and methods, operating protocols, and safety practices under supervision; maintains awareness of safety procedures for collected artifacts that align with a chain of custody.
  • Supports IR toolset utilized for remote collection of volatile and volume data.
  • Provides surge support where required to respond and recover from high severity and impact incidents.

Essential Functions:

  • Strong written and verbal communication skills, interpersonal and collaborative skills.
  • Up-to-date knowledge of methodologies and trends in both information security and IT.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • Ability to participate in a project under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Ability to lead small internal Incident Response related tools and technology projects.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Maintain a working environment conducive to positive morale and teamwork.
  • Ability to be on-call 24x7x365 rotation for information security incidents.
  • Ability to train others.
  • Respond to SIEM, DLP, Endpoint Security, email, HR Separation, Production Calendar tasks, internal tickets and requests during on call rotation.

Basic Requirements:

  • Minimum of 3 years of experience in a combination of incident response, information security and IT.
  • Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional security management certification is desirable, such as Certified Forensic Investigator (CFI), Certified Forensic Examiner (CFE), Certified Hacking Forensic Investigation (CHFI), GIAC Certified Forensic Analyst (GCFA) or other similar credentials.
  • Foundational knowledge of incident response standards such as NIST 800-61, Computer Security Incident Handling Guide, and ISO/IEC 27035:2016, information security incident management.
  • Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.

Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at asc@wawa.com or 1-800-444-9292.

Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.
