Senior Cyber investigator in Miami, FL at Royal Caribbean Group

Date Posted: 2/18/2021

Job Description

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Cruises Ltd. is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

Position Summary:

The Senior Cyber Investigator role combines the incident responder, computer forensics, threat analysis, and behavioral analytics functions in a single technology subject matter expert. This role will consult with RCL business groups, external researchers, and local, Federal and international law enforcement. Within the RCL Incident Management Program the senior investigator will perform cyber investigations for the RCL enterprise, including those relating to external hackers, insider abuse and fraud. The Investigator will assist with developing and deploying the enterprise incident response and threat analysis program and its supporting documentation, participate in operational analysis, and lead investigations of actual or potential cyber incidents. The role requires the first responder to be proactive and a highly technical subject matter expert in security, technologies, threat analysis and indicators of compromise.

The Investigator will collaborate with Information Security (IS) senior and executive leadership as well as key personnel within Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Global Security, Internal Audit, Privacy and Global Business Management. This collaboration helps ensure the Cyber Threat program is evaluating and managing threats in all external information sharing relationships. The Investigator needs to understand forensic tools, develop SIEM queries and dashboards, develop and implement analytical models, review threat intelligence data, and understand and work with SOAR technologies. The role requires sound judgment with a high level of integrity and ethics, and the ability to calmly, diplomatically and effectively deal with stressful situations.

Essential Duties and Responsibilities:

  • Computer Forensics (4 - 8 years)
    • Follows applicable laws and regulations, standards and policies to conduct computer forensics procedures and investigation practices.
    • Collects and analyzes data (system logs, network traffic activity, encrypted or erased data, etc.) from IT systems, networks, hardware/software and suspect devices.
    • Prepares incident investigation reports and computer forensics documentation for subsequent processing.
    • Uses techniques and tool sets (e.g. EnCase, X-Ways, FTK, SIFT) to detect and track electronic data trails and digital evidence of information security incidents.
    • Applies computer forensics measures to detect information security incidents, such as cybercrimes, hacking, intrusions and fraud.
  • Digital Forensic Tools (4 - 8 years)
    • Works with the basic functions of digital forensics tools.
    • Monitors forensics procedures and adjusts digital forensics tools accordingly.
    • Explains forensics results from a business development perspective.
    • Compares the uses and benefits of diverse digital forensics tools.
    • Selects a digital forensics tool for a specific case while minimizing risk.
  • Information Security Technologies (4 - 8 years)
    • Installs, upgrades or maintains firewall technology or anti-virus software.
    • Explains computer forensics, authentication mechanisms and digital certificates.
    • Participates in evaluating information security features against business requirements.
    • Utilizes a specific hardware or software security technology to control risks.
    • Collects and documents information about new information security tools.
  • Intrusion Detection and Prevention (4 - 8 years)
    • Utilizes intrusion detection and prevention technologies, systems and tools to monitor, analyze and respond to networks and systems.
    • Assists in the implementation of intrusion detection and prevention systems.
    • Reviews and records IDS and IPS system logs; analyzes alarms of abnormal events.
    • Tests and tunes the performance of IDS and IPS regularly.
    • Works with the basic functions and operations of intrusion detection and prevention systems.
  • Incident Response and Investigations (4 - 8 years)
    • Identifies gaps in the IR process and runbooks and suggests improvements.
    • Completes IR investigations without supervision.
    • Takes a senior role in tabletop exercises.
    • Leads parts of major cyber incidents.
    • Fulfills the role of scribe during major cyber incidents.
    • Demonstrates creative thinking and the ability to solve issues.
    • Identifies gaps in technologies and tools for incident response investigations and socializes them within the IR team.
    • Identifies complex computer crime evidence for legal proceedings.
    • Collaborates with senior management on risk management and computer security.
  • Digital Threat Management (4 - 8 years)
    • Performs basic tasks associated with digital threat detection and analysis, such as intrusion detection.
    • Conducts real-time gathering and assessment of digital threat information.
    • Assists in system scans to identify potential vulnerabilities.
    • Monitors the operation of the organizational network to ensure compliance.
  • Work Environment:
    • 80% of work is done in main office
    • 10% of work is done shipboard
    • 10% of work requires domestic or international travel
    • On-Call rotation


Job Requirements

Qualifications, Knowledge, and Skills:

  • Bachelor’s degree or equivalent experience
  • CISSP and/or GIAC certifications (e.g. GCFA, GCIH)
  • Required: 4 - 8 years of combined experience in IT, Information Security, Cyber Response, Maritime Cyber Security, or Threat Intelligence
  • Preferred: 4 - 8 years of combined experience in forensic investigation, incident response, and cyber intelligence operations
  • Preferred: 4 - 8 years of progressive leadership experience
  • Required: previous experience at the NSA, DoD, NOAA Emergency Operation Center, or Maritime Security Operations, or as a Military Threat Operations team member or Cyber Crime investigator
  • Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate IS and risk-related concepts to technical and non-technical audiences
  • Must have a strong understanding of TCP/IP networks and associated tools
  • Must have a solid understanding of Apple, Linux and Windows Operating systems
  • Assist with the management of and enhancements to the forensics and malware analysis lab
  • Assist with the management and enhancements for procedures/runbooks, including employee investigations, network forensics, incident response forensics, privacy, fraud and external cyber investigations.
  • Must be intelligent, articulate and consensus-building, and able to serve as an effective member of the team
  • Strong understanding of compliance measurement and contractual requirements for SOX, GLBA, PCI and GDPR
  • The ability to exercise independent judgment in support of corporate goals & strategy
  • Preferred hands-on SIEM experience including custom report writing and correlation rules
  • Preferred experience performing hands-on investigations of mobile devices and have familiarity with associated tools
  • Must demonstrate innovative analytical and problem solving skills
  • Proficient with methodologies, tools, best practices and processes across various technology areas
  • Familiarity with ISO27001, ISO27002, ISO27005, NIST and other industry standards
  • Preferred experience with one or more forensics tools (e.g. EnCase, FTK, etc.)
  • Preferred experience performing eDiscovery and working with legal teams
  • An understanding of anomaly detection methodologies and tools
  • Working knowledge of malware detection, malware reverse engineering, and data exfiltration
  • Working Knowledge of Cuckoo sandbox or other automated malware analysis tool
  • Working knowledge of a Security Operations Center (SOC) as part of a larger continuous monitoring program
  • Working familiarity with static and dynamic code analysis, cloud services, forensic-level packet capture, reverse code engineering, identifying indicators of compromise (IOC), threat analysis, anomaly detection, next-generation firewalls (NGFW), security information and event management (SIEM) technologies, and wired and wireless intrusion prevention systems
  • Previous experience with penetration testing and vulnerability assessment tools, such as IBM AppScan, HP Fortify, Burp Suite, Metasploit, HP WebInspect, Nexpose, Nessus and Nmap
  • Strong understanding of TCP/IP networking; UNIX, Linux and Microsoft Windows-based operating system platforms and relational database management systems such as Oracle, MS SQL, and MySQL
  • Working understanding of cryptographic controls
  • Must demonstrate strong organization skills and time management and ability to manage multiple tasks / projects while ensuring deadlines are met

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. RCL and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
