Host Based Systems Analyst
Who are you?
- Trusted Employee : The Government trusts you and so do we. You possess an active Top Secret security clearance. You must also be able to obtain Department of Homeland Security (DHS) suitability.
- Threat Expert : You have experience with proper evidence handling procedures and chain of custody protocols. You are skilled in identifying different classes of attacks and attack stages.
You are knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources, as well as system and application security threats and vulnerabilities.
You are also proficient in conducting all-source research.
- Tech Savvy : You have experience working with two or more of the following tools : EnCase; Forensic Toolkit (FTK); SANS Investigative Forensics Toolkit (SIFT); X-Ways; Volatility; Wireshark; Sleuth Kit / Autopsy; Splunk; Snort; other EDR tools (CrowdStrike, Carbon Black, etc.)
- Knowledgeable : You have put in the hard work and earned a Bachelor of Science in Cyber Security, Computer Engineering, or related degree with 8+ years of experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools.
You may also have a High School diploma, as well as 10+ years of host or digital forensics experience.
- Field Certified : You are a go-getter and an excellent test taker. You earned and maintain at least one of the following certifications : GIAC Certified Forensic Analyst (GCFA); GIAC Certified Forensic Examiner (GCFE); EnCase Certified Examiner (EnCE); Certified Computer Examiner (CCE); Certified Forensic Computer Examiner (CFCE); Certified Information Systems Security Professional (CISSP)
What we do :
The Department of Homeland Security (DHS) is dedicated to responding to cyber incidents and hunting proactively for malicious cyber activity.
The DHS centers its resources around securing the nation's infrastructure, and Fusion Technology aims to support this mission by providing advanced technical assistance, proactive hunting, and rapid onsite incident response utilizing host and network-based cybersecurity analysis capabilities.
What you’ll do :
- Assist Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating evidence collection operations
- Provide technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary
- Write in-depth reports, support with peer reviews, and provide quality assurance reviews for junior personnel
- Support forensic analysis and mentor / provide guidance to others on data collection, analysis, and reporting in support of onsite engagements
- Assist with leading and coordinating forensic teams in preliminary investigation
- Plan, coordinate, and direct the inventory, examination, and comprehensive technical analysis of computer-related evidence
- Distill analytic findings into executive summaries and in-depth technical reports
- Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
- Track and document on-site incident response activities and provide updates to leadership throughout the engagement
- Evaluate, extract, and analyze suspected malicious code
- Create forensically sound duplicates of evidence (forensic images)
- Write cyber investigative reports documenting digital forensic findings
- Analyze and characterize cyber attacks