Full time 
Ashburn, VA -
We are seeking a Cyber Forensics Analysts to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation’s cyber and communications infrastructure while providing front line response for cyber incidents and hunting for malicious cyber activity.
-
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
-
Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
-
Collects network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
-
Collects network device integrity data and analyze for signs of tampering or compromise
-
Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
-
Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer related evidence
-
Serving as technical forensics liaison to stakeholders and explaining investigation details
-
Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
-
U.S. Citizenship
-
Must have an active TS clearance or higher and able to obtain DHS Suitability
-
8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools
-
8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering, or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience
-
Experience with reconstructing a malicious attack or activity
-
Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
-
Ability to create forensically sound duplicates of evidence (forensic images)
-
Ability to write cyber investigative reports documenting forensics findings
-
In depth knowledge of: CND policies, procedures, and regulations; system and application security threats and vulnerabilities; network topologies; Wi-Fi Networking; TCP/IP protocols
-
In depth experience with: identifying different classes and characterization of attacks and attack stages; proactive analysis of systems and networks, to include creating trust levels of critical resources; Splunk (or other SIEMs); Vulnerability scanning, assessment, and monitoring tools such as Security Center, Nessus, and Endgame; MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
-
Must be able to work collaboratively across physical locations
-
One of the following certifications: GIAC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
-
Preferred to have an active TS/SCI clearance
-
EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort
-
EDR Tools: Crowdstrike, Carbon Black, Etc.
-
Carving and extracting information from PCAP data
-
Non-traditional network traffic: Command and Control, Preserving evidence integrity according to national standards, Designing cyber security systems and environments in a Linux environment, Virtualized environments, and Conducting all-source research
• Medical, Dental, Vision Benefits
• Paid Life
• Paid Vacation, Holidays, Sick Leave, Floating Holidays, Bereavement Leave
• Semi-monthly pay cycle
