Digital Forensics Analyst SA

Anglo American
Johannesburg, Cape Town
ZAR 300 000 - 400 000
7 days ago
Job description

We’re re-imagining mining to improve people’s lives. That includes the lives of everyone who works for Anglo American. We strive to be a great company where employees are happy and inspired to do their best work, a place where every colleague can grow, develop and realise their potential. To live up to our Always with Purpose employee value proposition, we’re putting the development and growth of colleagues first by ensuring everyone at Anglo American has the career experience they deserve.

Job Description

  • As a Digital Forensics Analyst, the role is to support Cyber Investigations with corporate investigations and the Security Operations Centre with incident response.
  • Utilise forensic tools and techniques to recover and preserve data from digital devices and cloud sources.
  • Stay abreast of digital forensics best practices and evolving cyber threats to enhance investigation and incident response capabilities.
  • Assist in the development and improvement of digital forensics procedures and protocols.
  • Maintain the chain of custody and ensure the integrity of digital evidence throughout the investigation process.
  • Utilise e-discovery software to support investigations and breaches.
  • Utilise security log collection and analysis to support investigations and breaches.
  • Conduct digital investigations, collecting and analysing electronic evidence for corporate investigations and cyber security purposes.
  • Collaborate with law enforcement, legal teams, and internal stakeholders to support digital investigations.
  • Prepare detailed forensic reports and legal format/expert testimony for use in legal proceedings.
  • Perform forensic analysis of malware and other cyber infections to establish behaviours, processes and steps of an attack and communicate these to threat hunting and intelligence teams.

Qualifications

  • Bachelor's / Honours degree or equivalent in computer science, business informatics, engineering/technology or equivalent.
  • Master's / Doctoral degree or equivalent in computer science, business informatics, engineering/technology or equivalent would be advantageous.
  • Professional certifications and experience in Information Security from industry standard security frameworks, e.g. ISACA, BCS, CIPP, ITIL, CREST, ISC2, CompTIA and key security vendors including Microsoft, CrowdStrike, Qualys, IBM.

Technical Knowledge:

Must have:

  • Advanced knowledge of computer systems, data recovery, network protocols, file formats, encryption, and chain of custody procedures.
  • Advanced knowledge of forensic software and hardware: Axiom, FTK, Cellebrite, remote collection processes.
  • Advanced knowledge of e-discovery software and processes: Epic, Nuix, Microsoft Purview.
  • Understanding of threat actors, attack vectors, and emerging cyber threats.
  • Knowledge of cloud security principles and best practices.
  • Awareness of relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, NIST).
  • Understanding of mobile device security, including mobile operating systems and app security.
  • Understanding of encryption algorithms, key management, and secure communication protocols.
  • Experience with securing cloud environments and analysing their logs on platforms like AWS, Azure, or Google Cloud.
  • Ability to analyze network traffic and user account activity to identify anomalies.
  • Understanding of data breaches and the process of collection, investigation and reporting in region.
  • Ability to implement encryption solutions to protect data at rest and in transit.
  • Understanding of network protocols, architectures, and components.
  • Ability to configure and manage network security devices.
  • Familiarity with firewalls, intrusion detection/prevention systems (IDS/IPS), and network monitoring tools.
  • Proficiency in securing various operating systems, including Windows, Linux, and macOS.
  • Knowledge of system hardening techniques, patch management, and access controls.
  • Ability to monitor and analyze threat intelligence sources to identify potential risks.
  • Understanding of security assessments and penetration testing.
  • Experience in configuring data loss prevention (DLP) policies and monitoring data flows.
  • Understanding of DLP solutions to prevent unauthorized data leakage.
  • Understanding of secure coding principles to develop and maintain secure applications.
  • Understanding of TCP/IP protocols, subnetting, routing, and network architecture.