Lead Cyber Defense Forensics Analyst
Securicon LLC Alexandria, VA
- Posted: over a month ago
Securicon is looking for a Lead Cyber Defense Forensics Analyst to support the US Census in Suitland, MD.
The successful candidate will oversee a team of cybersecurity professionals who perform two critical cyber security functions, Digital Forensics and Threat Hunt activities. The digital forensics in support of cybersecurity incidents require detailed analysis to reconstruct the series of events that led to a compromise or breach. The Threat Hunt and Forensics Team collects, processes, analyzes, preserves, and presents computer-related evidence in support of cyber incidents, law enforcement, fraud, or counterintelligence.
Leveraging industry best practices, techniques, tools, and procedures, the Team performs network and digital forensics, incident response, malware analysis. The Threat Hunt and Forensics Team also performs advanced cyber threat hunting throughout the IT enterprise. The USCB goes far beyond simple IOC sweeps. The Threat Hunt and Forensics Team analyzes detailed information and intelligence on known and emerging Advanced Persistent Threat (APT) and cybercriminal actors to develop attack hypotheses relevant to the Census IT enterprise. Working collaboratively with the CTI Team and the Continuous Penetration Testing Team, threat hunts are designed to find any internal indications of adversary activity.
- Perform active hunt activities based on current cyber threat intelligence and the MITRE Attack Framework;
- Perform detailed analysis to reconstruct the series of events that led to a compromise or breach;
- Collaborate with the CTI Team to establish relevant tactics, techniques and procedures for prioritized cyber actors identified in the threat model;
- Develop cyber hunt activities based on attack hypotheses to identify indications of potential compromise or breach;
- Possess advanced knowledge across various IT platforms in order to understand how attacks occur and what residual indicators might result;
- Develop, maintain, and update the Threat Hunting Concept of Operations and SOP.
- Perform digital forensic analysis, including network and host based;
- Receive and apply intelligence from the CTI Team, including IOCs and TTPs, to hunt for activity within USCB networks;
- Collect, process, analyze, preserve, and present computer-related evidence in support of cyber incidents, law enforcement, and fraud or counterintelligence;
- Execute proactive defense of USCB systems through IOCs sweeps, host interrogation, and persistent threat hunting;
- Provide status updates according to the reporting rhythm, maintain daily Activities Tracker, and prepare Enterprise Forensics, Malware Analysis and Advanced Hunting Plan & SOP.
- Master's or Ph.D. degree.
- Possess the abilities, knowledge, skills, tasks, and capabilities described in the Responsibilities section above;
- 5-7 years of experience in digital forensics and incident response and threat hunt activities;
- Core Competencies in Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis;
- All access to classified information will be within government controlled secure facilities.
- Certifications addressing analysis of malicious document files, analyzing protected executables, analyzing web-based malware, common windows malware characteristics in assembly, in-depth analysis of malicious browser scripts, in-depth analysis of malicious executables, malware analysis using memory forensics, malware code and behavioral analysis fundamentals, Windows assembly code concepts for reverse-engineering, security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, information systems audit process, IT government and management, information systems acquisition, development, implementation, operations, maintenance, and service management, protection of information assets, information security governance, information security program development and management, information security incident management, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, U.S. government privacy laws (privacy definitions and principles, the Privacy Act and the E-Government Act, other laws and regulations affecting U.S. government privacy practice, privacy, and the federal intelligence community, other federal information privacy laws and authorities affecting government practice), U.S. government privacy practices (privacy program management and organization, records management, auditing, and compliance monitoring).
Skills and experience in the following areas -
- Decrypt seized data using technical means.
- Provide technical summary of findings in accordance with established reporting procedures.
- Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
- Examine recovered data for information of relevance to the issue at hand.
- Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.
- Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment.
- Perform file signature analysis.
- Perform hash comparison against established database.
- Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).
- Perform timeline analysis.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
- Perform static media analysis.
- Perform tier 1, 2, and 3 malware analysis.
- Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures).
- Provide technical assistance on digital evidence matters to appropriate personnel.
- Recognize and accurately report forensic artifacts indicative of a particular operating system.
- Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
- Capture and analyze network traffic associated with malicious activities using network monitoring tools.
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
- Conduct cursory binary analysis.
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
- Perform virus scanning on digital media.
- Perform file system forensic analysis.
- Perform static analysis to mount an "image" of a drive (without necessarily having the original drive).
- Perform static malware analysis.
- Utilize deployable forensics toolkit to support operations as necessary.
- Coordinate with intelligence analysts to correlate threat assessment data.
- Process image with appropriate tools depending on analyst’s goals.
- Perform Windows registry analysis.
- Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
- Enter media information into tracking database (e.g., Product Tracker Tool) for digital media that has been acquired.
- Correlate incident data and perform cyber defense reporting.
- Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.
- Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies.
Security Clearance Requirements:
- Must possess a TS/SCI security clearance
Securicon is an equal opportunity employer. We welcome and encourage diversity regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status. We are a veteran owned, small business.
TechnologyView all jobs at Securicon LLC