Host Based Systems Analyst

Arlington, Virginia

Base One Technologies
Responsibilities:

• Performs event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

• Assesses network topology and device configurations, identifying critical security concerns and providing security best-practice recommendations

• Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates) and uses the discovered data to enable mitigation of potential incidents

• Collects network device integrity data and analyzes it for signs of tampering or compromise

• Analyzes identified malicious network and system log activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information

• Tracks and documents on-site incident response activities and provides updates to leadership through executive summaries and in-depth technical reports

• Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer-related evidence

• Serves as technical forensics liaison to stakeholders and explains investigation details
Required Skills:

• U.S. Citizenship

• Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability

• 8+ years of directly relevant experience in cyber forensic and network investigations using leading-edge technologies and industry-standard forensic tools

• Experience with reconstructing a malicious attack or activity

• Ability to characterize and analyze network traffic, identify anomalous activity and potential threats, and analyze anomalies in network traffic using metadata

• Ability to create forensically sound duplicates of evidence (forensic images)

• Ability to write cyber investigative reports documenting forensic findings

• In-depth knowledge and experience of:

  • identifying different classes and characterizations of attacks and attack stages

  • CND policies, procedures and regulations

  • proactive analysis of systems and networks, to include creating trust levels of critical resources

  • system and application security threats and vulnerabilities of network topologies, Wi-Fi networking, and TCP/IP protocols

  • Splunk (or other SIEMs)

  • vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame

  • MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)

• Must be able to work collaboratively across physical locations

Desired Skills:

• Experience and proficiency with the following tools and techniques:

  • EnCase, FTK, SIFT, X-Ways, Volatility, Wireshark, Sleuth Kit/Autopsy, and Snort

  • EDR tools: CrowdStrike, Carbon Black, etc.

  • Carving and extracting information from PCAP data

  • Non-traditional network traffic: command and control

  • Preserving evidence integrity according to national standards

  • Designing cyber security systems and environments in a Linux environment

  • Virtualized environments

  • Conducting all-source research

Required Education:

• 8+ years of experience and a BS in Computer Science, Cybersecurity, Computer Engineering or a related degree; or an HS diploma and 10+ years of host, digital or network forensics experience

Desired Certifications:

• GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
Date Posted: 04 May 2025