The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency: English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

Under the direction of the Corporate Information Security Digital Forensics Manager, the Digital Forensics Principal Specialist position will support the Digital Forensics program for Truist Financial Corporation.

Essential Duties and Responsibilities

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

Specialist will act as liaison and escalation point for Cyber Incident Response situations which require focused attention beyond the first responders' scope of action.
Lead collaboration with internal and external stakeholders to include, but not limited to, Legal, Teammate Relations (Human Resources), Corporate Security, Incident Response, Security Operations, Compliance, Governance, Senior and Executive Leadership.
Support stakeholder investigations through the forensic acquisition and analysis of electronically stored information (ESI) and devices to include proper documentation and handing of data according to applicable standards and procedures, and industry best practices.
Maintain expert knowledge of evidence collection, handling and storage procedures, including chain of custody best practices.
Lead the development of investigative processes to include documentation and handing of data according to applicable standards, procedures, and industry best practices.
Utilize approved forensic tools and methods to collect and analyze ESI and devices, especially in the context of corporate investigations, civil litigation, or criminal proceedings, to include witness or expert testimony.
Conduct digital forensic investigations into diverse, often complex allegations of misconduct and wrongdoing, including violations of company policy; government regulations; and local, state, and U.S. laws.
Produce forensic analysis reports in support of stakeholder investigations suitable for presentation in civil or criminal proceedings.
Remain current on industry trends, tools, procedures, and certifications in cybersecurity and digital forensics.
Lead the development of formal and informal stakeholder training.
Mentor and assist junior staff in career development.
Perform supervisory responsibilities in the absence of the Digital Forensics Team manager at their direction.
Conduct evaluation and coordinate the deployment of new forensics tools with appropriate internal teams and vendors
Maintain, troubleshoot and manage deployed forensics tools for updates and availability to forensics teammates.
Management of special projects, as assigned by the Digital Forensics Team manager, requiring long-term time commitment and technical skills

Qualifications

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

B.A. or B.S. degree in related field or equivalent work experience.
Understanding of digital forensics case management and all phases of the Electronic Discovery Reference Model.
5+ years working experience in incident response or digital forensics investigations.
Strong knowledge of forensic tools and methods used to collect and analyze electronically stored information and devices, especially in the context of a civil lawsuit or corporate investigation.
Expert knowledge of evidence collection, handling and storage procedures.
Strong analytical and problem-solving skills.
Strong understanding of network protocols and acquisition of ESI from network sources.
Strong oral and written communication skills, including ability to explain complex concepts in clear, unambiguous terms.
Ability to perform complex forensic investigations, including mobile, network, memory, and malware analysis.
Ability to assess strategic threat intelligence and drive threat hunting.
Ability to manage multiple responsibilities while meeting established deadlines.
Ability to use standard Linux distributions and tools (ssh, scp, cp, grep, find, etc.) in the course of collection and analysis, in addition to specialized tools included in distributions such as SIFT Workstation and REMnux.

Preferred Qualifications:

Industry recognized Digital Forensics training and/or certifications (CFCE, CCE, ACE, EnCE, GCFE, GCFA, etc.).
Additional certifications from ISC2, IACIS, SANS, or other non-vendor specific training.
Experience with legal proceedings or giving expert testimony.
Experience with industry accepted and Free and Open Source Digital Forensics tools.
Advancement and development of digital forensics tools, automation, or analysis techniques.
Experience in non-traditional environments (e.g. cloud, IoT, ICS)
Published white papers, blog articles, research in technical field(s)
Experience with scripting/programming languages (e.g. Python, PowerShell, C#, etc.), large scale log parsing
Experience with one or more database technologies and associated query languages
2+ years experience with enterprise EDR tools (e.g. Tanium, CrowdStrike, or Windows Defender) highly preferred
Proven experience developing queries and dashboards for log aggregation tools (e.g. Splunk, Elasticsearch, or Microsoft Sentinel) highly preferred

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law Pay Transparency Nondiscrimination Provision E-Verify