CyTech Services has an immediate need for a senior Host-based Systems Analyst - Level IV to support the DHS HIRT program. The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations.
This position requires experience in providing leadership and vision in incident handling, response, and analysis. Must be hands-on and have intimate knowledge and experience in cybersecurity, incident response, and analysis; digital forensics; security vulnerabilities/weaknesses and related attacks; network security issues and encryption technologies; management of lab environments to include flyaway kits.
Job Description - Location: Arlington VA
• Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions; and
• Follows proper evidence handling procedures and chain of custody protocols; and
• Produces written reports documenting digital forensic findings; and
• Determines programs that have been executed, finds files that have been changed on disk and in memory; and
• Uses timestamps and logs (host and network) to develop authoritative timelines of activity; and
• Finds evidence of deleted files and hidden data; and
• Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.); and
• Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis; and
• Performs all-source research for similar or related network events or incidents; and
• Possesses skill in identifying different classes of attacks and attack stages; and
• Knowledge of system and application security threats and vulnerabilities; and
• Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources.
• Assists with leading and coordinating forensic teams in preliminary investigation
• Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
• Distills analytic findings into executive summaries and in-depth technical reports
• Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
• Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
• Evaluates, extracts and analyzes suspected malicious code
• Assists Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating evidence collection operations
• Provides technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary
• Writes in-depth reports, supports peer reviews and provides quality assurance reviews for junior personnel
• Assists in overseeing forensic analysis and in mentoring/providing guidance to others on data collection, analysis and reporting in support of onsite engagements
10+ years of host investigations or digital forensics experience with a high school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or a related discipline, with 8+ years of host-based investigations or digital forensics experience.
REQUIRED Clearance: TS/SCI