Crown Castle IT Senior Forensic & IR Analyst in Canonsburg, Pennsylvania

Company Summary

Crown Castle works around the country to build and maintain the infrastructure behind the world’s most revolutionary technologies. Crown Castle owns, operates and leases more than 40,000 cell towers and over 60,000 route miles of fiber supporting small cells and fiber solutions across every major US market. This nationwide portfolio of communications infrastructure connects cities and communities to essential data, technology and wireless service – bringing information, ideas and innovations to the people and businesses that need them. Crown Castle is an S&P; 500 company and one of the largest Real Estate Investment Trusts in the United States with an enterprise value of approximately $60 billion.

Position Title:IT Sr. Forensic & IR Analyst

Position Summary

The IT Sr. Forensic & Incident Response Analyst is responsible for understanding the current and emerging threat landscape; incident response program development, deployment and maintenance; forensic investigation program development, deployment and maintenance; litigation holds and other electronic discovery requests; coordination and execution of all incident response activities enterprise wide and comprehensive reporting of all incidents and investigations. This position combines project-based work and operational assignments. This will require practical use and understanding of forensic, incident response and security protocols and standards, as well as a solid working knowledge of information security principles and practices.

Essential Job Functions

  • Research attempted efforts to compromise security protocols.

  • Manage and perform incident response, including digital forensic activities.

  • Support ongoing internal investigations and litigation matters throughout the entire chain of custody.

  • Perform file-system analysis and file carving (for example, to extract email, documents, malicious binary code, and other trace evidence).

  • Establish timelines and patterns of activity of individuals and electronic devices and software.

  • Create detailed reports that address both technical and non-technical findings and impacts of events and incidents.

  • Consult with Company Legal team on privacy, policy, and compliance concerns.

  • Develop remediation plan of actions as a result of investigative discovery within Company business and IT infrastructure.

  • Communicate with stakeholders to ensure both confidentiality of information and expedient evidence collection.


  • High school diploma or equivalent

  • Bachelor’s degree in Computer Science or Engineering or equivalent experience in a related field

Experience/Minimum Requirements

  • Minimum of seven (7) to ten (10) years of experience with enterprise level security networking (CISSP certification preferred)

  • Must have demonstrated incident response and digital forensic capabilities (Certifications such as GCFA, GCFE, GREM, GCIH, GCIA, ACE, EnCE, and/or CCE are desired)

Other Skills/Abilities

  • Must have strong written and oral communication skills

  • Must be able to work effectively under pressure and meet deadlines

  • Must be able to multitask and prioritize tasks effectively

  • Must demonstrate motivation and desire to learn new skills and technologies

  • Must have strong troubleshooting and analytical skills

  • Experience managing large and small scale incidents

  • Experience leading digital forensic investigations

  • Experience with the following tools: Helix, Encase, FTK, Wireshark, Reg Ripper, NMAP, Truecrypt, Notepad++, FTK Imager, HBGary

  • Familiarity with the following technologies: Active Directory, Virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, Active Directory, 802.11 wireless, firewalls, routers, network protocols and architecture, databases, VPN/RAS, IDS/IPS

  • Experience with log analysis from various formats

  • Understanding of risk-based frameworks

  • Understanding of one or more frameworks: PCI-DSS, Sarbanes Oxley, NERC-CIP, HIPAA, FISMA, ISO, COBIT, NIST

  • Broad information security knowledge and experience

  • UNIX,LINUX, Windows Operating Systems

  • Familiar with FTK or similar digital forensics

  • Strong understanding of network protocols, TCP/IP and host-based firewalls

  • Strong understanding of encryption

  • Experience with Malware and reverse engineering of malicious code

  • Experience writing and interpreting scripts

Organizational Relationship

Reports to:Director Information Security

Title(s) of direct reports (if applicable):N/A

Working Conditions:Works in a normal office setting with no exposure to adverse environmental conditions.

Additional Information:N/A

Crown Castle is an Equal Opportunity Employer.

Posting Location: PA - Canonsburg

# of openings: 1