Host Based Forensics Analyst (HBA04) - Remote

Immediate fulltime opening for Cyber Forensic Analyst with an active Top Secret or higher to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation-s cyber and communications infrastructure while providing front line response for cyber incidents and hunting for malicious cyber activity.

The position is 100% Remote with Business travel (nationwide) as required by the government.

Responsibilities:

- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
- Collects network intrusion artifacts (e.g., PCAP, domains, URI-s, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
- Collects network device integrity data and analyze for signs of tampering or compromise
- Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
- Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer related evidence
- Serving as technical forensics liaison to stakeholders and explaining investigation details

Required Skills

- Must be US Citizen due to government requirement.
- Must have an active TS clearance or higher and able to obtain DHS Suitability. Must be SCI eligible.
- BS Computer Science, Cybersecurity, Computer Engineering, or related degree and 8 years of host or digital forensics or network forensic experience; OR HS Diploma and 10+ years of host or digital forensics or network forensic experience.
- 8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools
- Experience with reconstructing a malicious attack or activity
- Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
- Ability to create forensically sound duplicates of evidence (forensic images)
- Ability to write cyber investigative reports documenting forensics findings
- In depth knowledge and experience of:
- Identifying different classes and characterization of attacks and attack stages
- CND policies, procedures, and regulations
- Proactive analysis of systems and networks, to include creating trust levels of critical resources
- System and application security threats and vulnerabilities
- Network topologies
- Wi-Fi Networking
- TCP/IP protocols
- Splunk (or other SIEMs)
- Vulnerability scanning, assessment, and monitoring tools such as Security Center, Nessus, and Endgame
- MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations.

Desired Certifications
- GIAC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Apply Now

Return to Search Results

Have a Question?

Location

Telecommute

Openings

2

Anticipated Start Date

Monday, September 19, 2022

Job Type

Direct Hire

Anticipated Duration

PERM

Date Posted

Thursday, August 25, 2022

Know someone who would be a good fit? We pay for referrals!

Share this job:



Call 800-ELITE-50
Reference #10599

Elite Technical Services, Inc. participates in the E-Verify program to confirm the employment eligibility of all persons hired. This means that we will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. Elite Technical Services, Inc. will not use E-Verify to pre-screen job applicants.

Elite Technical Services, Inc. is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.