GCyber is seeking an experienced Digital Forensics Analyst to support our Department of Homeland Security customer.
This position requires the candidate to actively hold a DoD Top Secret security clearance with SCI eligibility.
Job Description: The candidate shall support the Security Operations Command across a large enterprise environment. The candidate shall perform duties related to, but not limited to, incident response, cyber security malware analysis, and digital forensics analysis.
Specific responsibilities include:
• Provide analytic and investigative support on Tier 2 investigations
• Perform forensic analysis on multiple computer and network platforms, such as Windows and Linux Operating Systems, mobile devices, and virtual machines
• Perform analysis of network flow data for traffic characterization and usage, recommended blocking actions, indications of system compromise and anomalous activity, indication of botnet activity, inventory and prioritization of internet threats
• Discover, analyze, and diagnose malware and other related events, infected files and network intrusions
• Analyze digital media (logs, code, phones, hard drives, memory dumps, etc.) to determine attack vector and develop mitigation techniques
• Follow industry-standard forensic best practices for imaging, preserving, transporting and handling electronic data and associated physical devices
• Recommend countermeasures and mitigations to malware and other cyber-related incidents; develop After Action Reports
• Develop and maintain procedural checklists in support of Digital Forensic activities
• Assist with the maintenance and readiness of the fly-away kits, storage media and forensic VM analyst images as required
• Investigate network configuration issues, malicious code activity from/to systems, and unusual port activity
• Perform research and analysis of internal and external threats: commercial reports, USCYBERCOM reports, NCTOC reports, and other DoD, DHS, IC, Federal, non-government sources
• Evaluate and report on emerging digital forensic technologies and capabilities; establish and maintain continual information pipeline in support of Customer Cyber Security strategic goals
• Create and monitor alarms and correlation rules
• Provide informal and formal technical training to the customer to include training on the tools and processes/procedures for digital forensic collections and analysis.
• Participate in digital forensic working groups, forums and meetings
About GCyber: GCyber is an information technology services company that was founded to create innovative forward-leaning solutions to enhance the capabilities of our customers. GCyber engineers have satisfied the technology needs of the U.S. Government for over 20 years. We maintain relationships with key researchers, scholars, and analysts who have specialized expertise in the federal market. GCyber’s broad experience, focus toward desired outcomes, and commitment to innovation ensure responsive and long-lasting results.
This position requires the candidate to actively hold a DoD Top Secret security clearance with CI Poly.
For more information about GCyber please visit our website at http://www.gcyber.com. Also please stay in touch and track future job openings by following us on LinkedIn http://www.linkedin.com/company/gcyber.
By submitting your resume for this position, you understand and agree that GCyber may share your resume, as well as any other related personal information or documentation you provide, with its partners and affiliated companies for the purpose of considering you for other available positions.
GCyber is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
- Familiarity with at least one of the following tools: EnCase, Forensic Toolkit (FTK), SANS Institute Forensic Toolkit (SIFT), Autopsy/Sleuthkit
- Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis
- Previous tools experience working with Network Analyzer, SIEM, Host Based Security System, IDS and IPS Systems.
- Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, intermediate knowledge of computer network defense operations (proxy, firewall, switch, or open source information collection)
- Clearance: Must have an active TS/SCI clearance to start. Subject to passing a CI Polygraph after start.
- Education/Years of Experience: Must have 7 years of relevant work experience and BS degree.
- Certifications: Must be IAT III and CND IR compliant (CISSP or CASP and CEH)
- As a contingency to employment at GCyber, all candidates who are given offers must successfully pass a full background investigation including criminal history, education and employment verifications.