Cyber Forensics Analyst / Mostly Remote
Global Engineering & Technology, Inc. (GET)
Washington, District of Columbia
Job Details
Full-time
Full Job Description
THIS IS A MOSTLY-REMOTE POSITION WITH SOME TRAVEL.
In its majority, work will be performed remotely, from the employee's place of residence. Pre-planned travel to Amarillo, Texas, for on-site interaction, support, and training will be required up to 15% of the time.
This position requires a current DOE Q or DoD Top Secret / SCI security clearance.
Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Forensics Analyst in support of a United States Department of Energy national security facility. This is a highly compensated, high-responsibility analysis position that is central to our mission's success.
The Cyber Forensics Analyst analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. The analyst conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.
The Cyber Forensics Analyst shall:
- Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion
- Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CDs, PDAs, mobile phones, GPS, and all tape formats.
- Decrypt seized data using technical means
- Provide technical summary of findings in accordance with established reporting procedures
- Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
- Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration
- Perform dynamic analysis to boot an "image" of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment
- Perform file signature analysis
- Perform hash comparison against an established database
- Perform static media analysis
- Extract data using data carving techniques
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
- Perform Windows registry analysis
- Perform static malware analysis
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
- Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information
Compensation Range: $125,000-$145,000 / year (depending on qualifications)
Requirements
Security Clearance:
This position requires a current DOE Q or DoD Top Secret security clearance.
Must be familiar with the use of specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
Required knowledge, skills, and abilities (as demonstrated by technical expertise and certification, where applicable):
- Knowledge of cyber threats and vulnerabilities
- Knowledge of encryption algorithms
- Knowledge of incident response and handling methodologies
- Knowledge of operating systems
- Knowledge of system and application security threats and vulnerabilities
- Knowledge of physical computer components and architectures, including the functions of various components and peripherals
- Knowledge of file system implementations
- Knowledge of processes for seizing and preserving digital evidence
- Knowledge of hacking methodologies
- Knowledge of legal governance related to admissibility (e.g., Rules of Evidence)
- Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody
- Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
- Knowledge of reverse engineering concepts
- Knowledge of anti-forensics tactics, techniques, and procedures
- Knowledge of forensics lab design configuration and support applications
- Knowledge of malware analysis tools
- Knowledge of malware with virtual machine detection
- Knowledge of system administration concepts for operating systems such as, but not limited to, Unix/Linux, iOS, Android, and Windows
- Skill in preserving evidence integrity according to standard operating procedures or national standards
- Skill in analyzing memory dumps to extract information
- Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics)
- Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files)
- Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
- Skill in setting up a forensic workstation
- Skill in using forensic tool suites (e.g., EnCase and FTK)
- Skill in using virtual machines
- Skill in physically disassembling PCs
- Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems)
- Skill in deep analysis of captured malicious code
- Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5])
- Skill in analyzing anomalous code as malicious or benign
- Skill in analyzing volatile data
- Skill in identifying obfuscation techniques
- Skill in analyzing malware
- Skill in conducting bit-level analysis
- Skill in processing digital evidence, to include protecting and making legally sound copies of evidence
- Skill in performing packet-level analysis
- Ability to decrypt digital data collections
- Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments
Required Education:
- Associate's degree in a technical field and 10 years of related experience OR a Bachelor's degree in a technical field and 5 years of related experience OR a Master's degree in a technical field and 2 years of related experience
Benefits
Benefits include:
- Medical plan options with UnitedHealthcare
- Dental Insurance
- Long-term and Short-term Disability Insurance
- Life Insurance
- AD&D Insurance
- Generous 401(k) Match
All benefits are effective on day one of employment.
Global Engineering & Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.