Olathe, Kansas, USA
9 days ago
Cyber Defense Forensics Engineer 2
Overview

We are seeking a full-time Cyber Defense Forensics Engineer 2 in our Olathe, KS location. In this role, you will be responsible for analyzing digital evidence and investigating computer security incidents to derive useful information in support of system and network vulnerability mitigation. In addition, this person conducts sensitive, complex investigations of cyber incidents, including systems compromise, data loss and insider threats, provides recommendations on the security posture and architecture of systems or networks, and ensures adherence to Garmin's information security strategy, programs, and best practices.

Essential Functions

All Positions

- May lead the collection, processing, preservation, analysis and presentation of evidence in support of a wide array of investigations
- Investigate, analyze, and respond to cyber incidents within the global enterprise network and endpoints
- Apply investigative techniques for responding to host- and network-based anomalies
- Coordinate incident response functions and provide expert technical support to enterprise-wide security operations center cyber defense analysts
- Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the source of the incident or possible threats to security
- Conduct detailed investigations establishing documentary or physical evidence, including digital media and logs associated with cyber intrusion incidents
- Team with the security operations center to determine scope, urgency, and potential impact, identifying specific vulnerabilities and making recommendations to expedite remediation
- Perform forensically sound collection of system memory, triage information, and storage media images that ensures the original evidence is not unintentionally modified, for use in data recovery and analysis
- Analyze volatile data from information systems memory using tools such as Volatility
- Conduct host and network forensic analyses in and for both Windows and Linux environments and examine the recovered data for information of relevance to the investigation at hand
- Maintain a deployable cyber defense toolkit, forensics workstation, virtual environments, and repeatable procedures to support the incident response mission
- Collect and analyze intrusion artifacts such as source code, malware, and system configuration, and use the discovered data to enable mitigation of potential cyber defense incidents within the enterprise
- Coordinate with cyber threat intelligence experts to correlate threat assessment data
- Monitor external data sources to maintain currency of cyber threat conditions and determine which security issues may have an impact on the enterprise
- Identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on creating custom signatures such as Sigma and YARA rules for detection and remediation
- Process digital evidence using forensic tool suites (e.g. EnCase, FTK, Autopsy), including protecting the evidence and making legally sound copies of it
- Provide technical summaries, cyber defense recommendations, and reports of findings in accordance with the established reporting procedures
- Extract indicators of compromise (IOCs) that can be applied to current and future investigations
- Work with the team to define and drive a cohesive security strategy around internal and external investigations and enforcement that can be communicated both internally to associates and externally
- Refine existing or develop new processes to automate and reduce orchestrated incident response times
- Identify opportunities to share knowledge, skills, and abilities with other team members to further their professional development through training, mentoring, and hands-on assistance as appropriate
- Complete daily administrative tasks, reporting, and communication with relevant teams in the organization

Malware Analysis

- Conduct malware analysis using static and dynamic techniques to identify characteristics and capabilities, understand its functions, and recommend defensive actions to protect the organization
- Utilize automated malware analysis tools and techniques to provide initial malware triage analysis before more in-depth approaches are applied
- Identify obfuscation and armoring techniques and use unpacking procedures against executables
- Extract relevant files, malicious software, and forensic artifacts from memory and storage media for analysis
- Identify common self-defense measures employed by malware which may hinder analysis, including sandbox evasion, debugger detection, and other anti-analysis techniques
- Use specialized tools such as debuggers and disassemblers to aid in your analysis of suspicious files
- Proficient in conducting code analysis, with a background in programming languages and ASM
- Possess the ability to build and maintain malware analysis environments using cloud, virtual, and bare metal systems architectures that give insight into system and network behaviors
- Obtain indicators of compromise (IOCs) from samples to bolster incident response and threat intelligence
- Provide summaries, detailed technical reports, and executive briefings regarding your analysis

Basic Qualifications

- Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Business or a related field AND a minimum of 5 years relevant experience, OR Master's Degree in one of the fields noted above AND a minimum of 4 years relevant experience
- Possesses extensive experience and detailed reference knowledge as it relates to cybersecurity
- Experience using forensics tools (e.g. EnCase, FTK, SleuthKit/Autopsy, Volatility, etc.)
- Experience in network, host and memory forensics (including live response) for Windows, Mac, and Linux
- In-depth, hands-on understanding of application architectures and technology across all domains (including web applications, mobile technology, identity and access management)
- Proficiency with various methods of vulnerability assessment, including vulnerability scanners, password crackers, and network protocol attacks
- Demonstrated proficiency with Bash, Python, PowerShell or Ruby programming environments
- Skilled in static/dynamic malware analysis using cloud, virtual, and bare metal architectures
- Can draw connections among knowledge and skills as they relate to cyber defenses and organize/explore relationships among facts within a set of information
- Dissects problems with little guidance and has an intuitive sense of incident response goals for a given situation
- Must be team-oriented, possess a positive attitude, work well with others, and be a driven problem solver with proven success and initiative in solving difficult problems

Desired Qualifications

- SSCP or CISSP
- SANS: GREM, GCFA, GNFA, GCIH
- CySA+, CASP+
- FTK ACE, EnCase EnCE

Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability. This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits