Immediate full-time opening for a Cyber Forensic Analyst with an active Top Secret or higher clearance to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation's cyber and communications infrastructure while providing front-line response for cyber incidents and hunting for malicious cyber activity.
The position is 100% Remote with Business travel (nationwide) as required by the government.
Responsibilities:
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Assess network topology and device configurations, identifying critical security concerns and providing security best-practice recommendations
- Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates) and use the discovered data to enable mitigation of potential incidents
- Collect network device integrity data and analyze it for signs of tampering or compromise
- Analyze identified malicious network and system log activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information
- Track and document on-site incident response activities and provide updates to leadership through executive summaries and in-depth technical reports
- Plan, coordinate, and direct the inventory, examination, and comprehensive technical analysis of computer-related evidence
- Serve as technical forensics liaison to stakeholders and explain investigation details
- Must be a US Citizen due to government requirement.
- Must have an active TS clearance or higher and be able to obtain DHS Suitability. Must be SCI eligible.
- BS Computer Science, Cybersecurity, Computer Engineering, or related degree and 8 years of host or digital forensics or network forensic experience; OR HS Diploma and 10+ years of host or digital forensics or network forensic experience.
- 8+ years of directly relevant experience in cyber forensic and network investigations using leading-edge technologies and industry-standard forensic tools
- Experience with reconstructing a malicious attack or activity
- Ability to characterize and analyze network traffic, identify anomalous activity and potential threats, and analyze anomalies in network traffic using metadata
- Ability to create forensically sound duplicates of evidence (forensic images)
- Ability to write cyber investigative reports documenting forensic findings
- In-depth knowledge and experience of:
  - Identifying different classes and characterizations of attacks and attack stages
  - CND policies, procedures, and regulations
  - Proactive analysis of systems and networks, including creating trust levels for critical resources
  - System and application security threats and vulnerabilities
  - Network topologies
  - Wi-Fi networking
  - TCP/IP protocols
  - Splunk (or other SIEMs)
  - Vulnerability scanning, assessment, and monitoring tools such as Security Center, Nessus, and Endgame
  - MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations.
Desired Certifications:
- GIAC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
Telecommute
2
Monday, September 19, 2022
Direct Hire
PERM
Thursday, August 25, 2022
Know someone who would be a good fit? We pay for referrals!