Cybersecurity Forensics Analyst, Nine Mind Solutions, Arlington, VA


Nine Mind Solutions
Arlington, VA, US

Cybersecurity Forensics Analyst

Job description

We are seeking Cybersecurity Forensics Analysts to support this critical customer mission.
Eligibility:

  • Must be a US Citizen
  • Must have an active Secret clearance with the ability to obtain a TS/SCI clearance
  • Must be able to obtain Client Entry on Duty (EOD) Suitability prior to starting
  • Must have 8+ years of directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
Responsibilities:
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Assess network topology and device configurations, identifying critical security concerns and providing security best practice recommendations
  • Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and use discovered data to enable mitigation of potential incidents
  • Collect network device integrity data and analyze it for signs of tampering or compromise
  • Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, and effects on system and information
  • Track and document on-site incident response activities and provide updates to leadership through executive summaries and in-depth technical reports
  • Plan, coordinate, and direct the inventory, examination, and comprehensive technical analysis of computer-related evidence
  • Serve as technical forensics liaison to stakeholders and explain investigation details

Required Skills:
  • Experience with reconstructing a malicious attack or activity
  • Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, and analyze anomalies in network traffic using metadata
  • Ability to create forensically sound duplicates of evidence (forensic images)
  • Able to write cyber investigative reports documenting forensics findings
  • In-depth knowledge and experience of:
      • identifying different classes and characterization of attacks and attack stages
      • CND policies, procedures and regulations
      • proactive analysis of systems and networks, to include creating trust levels of critical resources
      • system and application security threats and vulnerabilities
      • network topologies, Wi-Fi networking, and TCP/IP protocols
      • Splunk (or other SIEMs)
      • vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame
      • MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK)
  • Must be able to work collaboratively across physical locations.
Desired Skills:
  • Experience and proficiency with the following tools and techniques: EnCase, FTK, SIFT, X-Ways, Volatility, Wireshark, Sleuth Kit/Autopsy, and Snort
  • EDR tools: CrowdStrike, Carbon Black, etc.
  • Carving and extracting information from PCAP data
  • Non-traditional network traffic: Command and Control
  • Preserving evidence integrity according to national standards
  • Designing cyber security systems and environments in a Linux environment
  • Virtualized environments
  • Conducting all-source research
Required Education: Bachelor's in Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 10+ years of host or digital forensics experience.

Desired Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNF

Full-time 2024-06-17