Cyber Forensic Investigator

**Job Details**

**Who we are**

Johnson Controls is the global leader for smart, healthy and sustainable buildings.

At Johnson Controls, we’ve been making buildings smarter since 1885, and our capabilities, depth of innovation experience, and global reach have been growing ever since. Today, we offer the world’s largest portfolio of building products, technologies, software, and services; we put that portfolio to work to transform the environments where people live, work, learn and play.

This is where Johnson Controls comes in, helping drive the outcomes that matter most. Through a full range of systems and digital solutions, we make your buildings smarter. A smarter building is safer, more comfortable, more efficient, and, ultimately, more sustainable. Most important, smarter buildings let you focus more intensely on your unique mission. Better for your people. Better for your bottom line. Better for the planet. We’re helping to create a healthy planet with solutions that decrease energy use, reduce waste and make carbon neutrality a reality.

Sustainability is a top priority for our company.

We committed to invest 75 percent of new product development R&D in climate-related innovation to develop sustainable products and services. We take sustainability seriously. Achieving net zero carbon emissions before 2040 is just one of our commitments to making the world a better place.

Please visit and follow Johnson Controls linkedin for recent exciting activities.
Career The Power Behind Your Mission
OpenBlue OpenBlue: This is How a Space Comes Alive

**What you will do**:
The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing cybersecurity threat landscape.

**How you will do it**:

- Perform comprehensive investigative and technical analysis of an integrated user activity monitoring capability, across data loss prevention (DLP), user behavioral analytics (UBA) and other solutions, to identify and corroborate evidence of employee misconduct, policy violations, information loss, insider threat and fraud.
- Use and improve upon existing technologies and workflows to accurately and efficiently identify risk based on multiple data sets and data points.
- Partner with the broader GIS organization to facilitate bi-directional and cross-functional information exchange and response capabilities.
- Determine if corporate policies have been violated based on conditions outlined within the Information Protection Incident Management Framework, and document observations and findings in accordance with standard operating procedures (SOPs).
- Identify potential risk factors, indicators and warnings of at-risk insiders.
- Aid in information protection strategies and alignment with crown-jewel information asset classification and protection.
- Work with legal, privacy, audit and regulatory teams to periodically review policies, procedures and program compliance.

**What we look for**:

- Bachelor’s degree in discipline related to existing job experience. Equivalent experience in lieu of a degree will be considered
- Minimum of five (5) years of experience in any of the following fields
- Computer or forensic investigations
- Cyber investigations
- Computer network defense, information governance or incident response
- Law enforcement
- Past experience directly supporting business units on Cybersecurity issues strongly preferred.
- Investigative mindset with the ability to use techniques and tools to gather and evaluate evidence to perform analysis, draw findings and build a case.
- Planning and executing proactive strategy for investigations while utilizing and analyzing electronic media to identify potential risk trends.
- Demonstrated analytic skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
- Trained and proficient working with data loss protection (DLP), user-entity behavior analytics (UEBA), digital forensics and/or Insider Threat tools.
- Experience reviewing logs, developing Splunk queries and dashboards, automating manual tasks is a plus.
- Familiarity with O365 security and compliance center is a plus.
- Adhere to digital investigative principles, methodology and protocols to include evidence handling and preservation.
- Experience preparing incident investigation reports and documenting activities.
- Experience working collaboratively with cross-functional teams.
- Excellent interpersonal communication (verbal, written) skills and the ability to analyze and make effective recommendations to business and technology leaders.
- Ability to work independently with little or no supervision.
- Organized, responsive and thorough problem solver.
- Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certifie