Senior Cyber Incident Responder & Forensic Analyst

Overview

The primary purpose of this position is to be a subject matter expert in DFIR (Digital Forensics Incident Response), conducting rapid triage and investigating cyber incidents impacting State, Local, Tribal and Territorial (SLTT) governments.

What You'll Do

• Take the lead on DFIR and cases, assisting State, Local, Tribal, and Territorial governments

• Conduct rapid triage to investigate the extent and nature of compromises and provide expert recommendations on containment and remediation steps

• Conduct incident response calls with SLTT governments

• Prepare and review written technical reports that document case findings

• Lead research on security-related questions or incidents reported from SLTT members

• Provide training and support for CERT Analysts and other operations team members

• This position may involve essential duties and responsibilities that must continue to be performed during crisis situations and contingency operations, which may necessitate extended hours of work

• Other tasks and responsibilities as assigned

What You'll Need

• Bachelor’s degree in DFIR, Cybersecurity, Computer Science, or related field*

• 3+ years’ experience in DFIR and/or Security/Network Administrator

• Advanced experience in one or more of the following areas:

• Incident response protocols, processes, and techniques

• System and application security threats and vulnerabilities

• Adversarial tactics, techniques, and procedures

• Various host and network-based security controls

• Experience preparing and delivering technical presentations and reports

• Strong time management, communication, attention to detail, and professional and interpersonal skills

• Must be eligible to obtain a National Security Clearance

• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

• Must be authorized to work in the United States

It's a Plus if You Have:

• Highly proficient in the analysis of various log types (e.g. Windows Event, Web server, Firewall logs, etc…)

• Experience with scripting languages such as Bash, Perl, or Python

• Experience with dynamic and/or static analysis of malware

• A detailed and in-depth knowledge of forensic methodologies and related tools such as FTK, EnCase, and SANS SIFT

• Certifications in related areas (e.g. GCFE, GCFA, GNFA, GCIH, GREM, CCFE, CFCE, etc…)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct

• Dishonest Conduct

• Employment Misconduct

• Alcohol Abuse

• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction) Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.)

• False Statements

• Financial Issues

• Have not resided in the US for three (3) of the past five (5) years