Remote: N
Salary: $50-60/hr
Location: Arlington, VA
Clearance: Top Secret/SCI
We are seeking a Cybersecurity Host-Based Systems Analyst to perform investigations to develop a preliminary diagnosis of the severity of breaches. The HIRT provides remote and onsite advanced technical assistance, proactive threat hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities.
Qualifications:
- Must have 5+ years of directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
- Ability to create forensically sound duplicates of evidence (forensic images)
- Ability to author cyber investigative reports documenting digital forensics findings
- Proficiency with analysis and characterization of cyber attacks
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
- Proficiency with common operating systems (e,g, Linux/Unix, Windows)
Responsibilities:
- Assists with leading and coordinating forensic teams in preliminary investigations
- Plans, coordinates, and directs the inventory, examination, and comprehensive technical analysis of computer-related evidence
- Distills analytic findings into executive summaries and in-depth technical reports
- Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
- Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
- Evaluates, extracts, and analyzes suspected malicious code
- Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
- Triage electronic devices and assess evidentiary value
- Correlate forensic findings to network events in support of developing an intrusion narrative
- Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
- Perform forensic triage of an incident to include determining scope, urgency, and potential impact
- Track and document forensic analysis from initial participation through resolution
- Collect, process, preserve, analyze and present computer-related evidence
- Coordinate with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
- Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
- Assist to document and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings