Our Partner serves as a prime contractor in a federal program, performing investigations to develop a preliminary diagnosis of the severity of breaches. They provide remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity. They are seeking Host Forensics Analysts to support this critical customer mission.
Responsibilities
- Assist Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating data collection/acquisition operations
- Provide technical assistance on data collection techniques and forensic investigative techniques to appropriate personnel when necessary
- Write in-depth reports, support peer reviews, and provide quality assurance reviews for junior personnel
- Support forensic analysis and mentor/provide guidance to others on data collection, analysis, and reporting in support of onsite engagements
- Assist with leading and coordinating forensic teams in preliminary investigation
- Plan, coordinate, and direct the inventory, examination and comprehensive technical analysis of computer systems and digital artifacts
- Distill analytic findings into executive summaries and in-depth technical reports
- Serve as technical forensics liaison to stakeholders, explaining investigation details including forensic methodologies and protocols
- Track and document on-site incident response activities, and provide updates to leadership throughout the engagement
- Travel to incident response locations in the United States, Territories & Possessions
- Evaluate, extract, and analyze suspected malicious code
Requirements
- US Citizenship
- Active TS/SCI Clearance
- Must be able to obtain DHS Suitability
- BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics experience
- 8+ years of directly relevant experience in cyber forensics investigations, using leading edge technologies and industry standard forensic tools
- Ability to create forensically sound duplicates of computer systems (forensic images)
- Able to write cyber investigative reports documenting digital forensics findings
- Experience with the analysis and characterization of cyber attacks
- Experience with proper digital asset collection and preservation procedures and chain of custody protocols
- Skilled in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- Knowledgeable in proactive analysis of systems and networks, including establishing trust levels for critical resources
- Must be able to work collaboratively across physical locations
Desired Skills
- Experience with or knowledge of two or more of the following tools:
- EnCase
- SIFT
- X-Ways
- Volatility
- Wireshark
- Sleuth Kit/ Autopsy
- Magnet Axiom Cyber
- Snort
- Splunk or other SIEM tools (ArcSight, LogRhythm, Elastic, etc.)
- Other EDR tools (CrowdStrike, MDE, Trellix, etc.)
- Proficiency with conducting all-source research
- Desired Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP