Senior Cyber Investigations Analyst - Forensics

Reston VA
February 15 2019
Insurance, Securities
Functional Area:

IT - Information Technology

Estimated Travel Percentage (%): Up to 25%

Relocation Provided: No

AIG Employee Services, Inc.

Title: Senior Cyber Investigations Analyst - Forensics

Reports to: Global Cyber Investigations & eDiscovery Director

Location: Reston, VA

Business Unit: Corporate, Information Security Office

Functional Area: Information Security, Threat Detection and Response

Employment Type: Full Time - Permanent

Position Description

The Senior Cyber Investigations Analyst will provide expert-level contributions to AIG's Information Security Office, ensuring defensible and repeatable collection and analysis of electronic evidence. The analyst will assist in providing excellent investigative and forensic services to a global internal customer base. This senior level position will be looked upon as a subject matter expert (SME) in the fields of digital forensics and cyber investigations and may be called upon to testify.

Position Responsibilities:

• Conduct forensic analysis of physical devices and other electronic data sources in support of internal investigations and other legal requests using forensically sound processes.

• Perform highly sensitive and confidential investigations involving internal risks such as employee misconduct, intellectual property theft, embezzlement, misuse, harassment, and physical security threats.

• Lead proactive efforts to identify, disrupt, and protect AIG from any internal threats that may undermine the integrity and operations of the business.

• Provide subject matter guidance and work collaboratively with incident response and other cyber security teams in the event of a cross-functional investigation.

• Drive continuous improvement across the cyber investigations group and its processes.

• Utilize a range of data sources, systems, and tools to collect, search, recover, sort, and organize large volumes of digital evidence during all phases of the investigative process.

• Collect and preserve electronically stored evidence and digital media using repeatable and defensible procedures, ensuring chain of custody throughout the evidence lifecycle.

• Deliver clear and meaningful results and associated reporting to requestors of various levels across the organization.

• Maintain awareness of new forensic technology, techniques, and industry best practices.

• Mentor junior level security professionals and periodically perform quality review of their work.

• Assist team leadership with the development, collection, and publication of metrics that illustrate team performance and highlight obstacles thwarting team potential.

Requirements (Knowledge, Skills, and Abilities):

• Working knowledge and proven experience with current digital forensic best practices and methodologies.

• 7 years of experience leading digital investigations following legally sound practices (including chain of custody).

• Experience testifying in civil and/or criminal proceedings.

• Demonstrated expertise in both working in and handling extremely confidential investigations.

• Experience with forensic technologies such as EnCase, AXIOM, Cellebrite and SANS SIFT workstation.

• Experience with emerging cloud technology services and their effect on digital investigations.

• Good understanding of possible methods of internal and external data movement.

• Ability to navigate a complex global network as part of the investigative research process.

• Familiarity with processes and technologies for collections from mobile device platforms.

• Strong understanding of enterprise email systems including Office 365 and MS Exchange.

• Experience with enterprise level SIEM and DLP tools such as Splunk, McAfee and Symantec.

• Programming and/or scripting experience.

Personal Attributes:

• Self-starter with a sense of urgency who takes ownership and responsibility for service delivery.

• Works independently with minimal guidance to drive projects to completion, while also working collaboratively with the team to achieve strategic goals.

• Professional, clear, and concise communication to both technical and non-technical audiences.

• Excellent analytical ability, sharp attention to detail, creative problem solving, and consultative skills.

• Proven organizational skills (time management and prioritization).

• Position requires access to highly sensitive confidential material; integrity and discretion are mandatory.


(7) years of experience in computer forensics, investigations, or similar information security discipline.

Formal Education & Certification

  • Bachelor of Science in Computer Science, Information Systems, Software Engineering, Criminal Justice or any combination of education and relevant experience

Preferred Certifications:

  • EnCase Certified Examiner - EnCE
  • GIAC Certified Forensic Analyst - GCFA
  • GIAC Certified Forensic Examiner - GCFE
  • Certified Forensic Computer Examiner - CFCE
  • Certified Information Systems Security Professional - CISSP

** NOTE: An equivalent combination of experience, education and/or training may be substituted for the listed minimum requirements.

Occasional travel may be required, but less than 10% of the time.

It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.