Title: Host Based Systems Analyst IV Description:We are seeking experienced
Host Forensics Analysts to provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity.
Eligibility:- Must be aUS Citizen
- Must have anactive TS/SCIclearance
- Must be able to obtainDHS Suitabilityprior to starting employment
- 8+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
Responsibilities Include:- Assisting Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating data collection/acquisition operations
- Providing technical assistance on data collection techniques and forensic investigative techniques to appropriate personnel when necessary
- Writing in-depth reports, supports with peer reviews and provides quality assurance reviews for junior personnel
- Supporting forensic analysis and mentoring/providing guidance to others on data collection, analysis, and reporting in support of onsite engagements
- Assisting with leading and coordinating forensic teams in preliminary investigation
- Planning, coordinating, and directing the inventory, examination and comprehensive technical analysis of computer systems and digital artifacts
- Distilling analytic findings into executive summaries and in-depth technical reports
- Serving as technical forensics liaison to stakeholders and explaining investigation details to include forensic methodologies and protocols
- Tracking and documenting on-site incident response activities and providing updates to leadership throughout the engagement
- Evaluating, extracting, and analyzing suspected malicious code
Required Skills:- Ability to create forensically sound duplicates of computer systems (forensic images)
- Able to write cyber investigative reports documenting digital forensics findings
- Experience with the analysis and characterization of cyber attacks
- Experience with proper digital asset collection and preservation procedures and chain of custody protocols
- Skilled in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources
- Must be able to work collaboratively across physical locations
Desired Skills: - Experience with or knowledge of two or more of the following tools: EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/ Autopsy, Snort, Splunk or other EDR Tools (Crowdstrike, Carbon Black, Etc)
- Proficiency with conducting all-source research
Desired Certifications: One or more of the following certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP
Required Education: BS Computer Science, Cybersecurity, Computer Engineering, or related degree; or HS Diploma and
10+ years of host or digital forensics experience