Host-Based Systems Analyst
Node.Digital
Arlington, virginia
Job Details
Full-time
Full Job Description
Host-Based Systems Analyst
Location: Arlington, VA
Must have an active Top Secret Security Clearance
Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Team personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.
We are seeking Cyber Network Defense Analysts (CNDA) withCloud Forensics experience to support this critical customer mission.
Responsibilities:
- Acquire/collect computer artifacts and logs in support of onsite and remote engagements
- Triage electronic devices and assess evidentiary value
- Correlate forensic findings to network events in support of developing an intrusion narrative
- Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
- Perform forensic triage of an incident to include determining scope, urgency, and potential impact
- Track and document forensic analysis from initial participation through resolution
- Collect, process, preserve, analyze, and present computer-related evidence
- Coordinate with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
- Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
- Support cloud development and automation projects to enhance threat emulation capabilities
- Assist in documenting Computer Network Defense (CND) guidance and create reports pertaining to incident findings.
Requirements
Required Skills/Clearances:
- U.S. Citizenship
- Active TS/SCI clearance
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 10+ years of directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
- In-depth understanding of SaaS, PaaS, and IaaS in the Cloud Environment
- Ability to create forensically sound duplicates of evidence (forensic images)
- Ability to author cyber investigative reports documenting digital forensics findings
- Proficiency with analysis and characterization of cyber attacks
- Knowledge of cloud development and automation tools such as Terraform, Kubernetes, AWS CloudFormation, Azure Resource Manager, and Docker.
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, including creating trust levels of critical resources
Desired Skills:
- Knowledge of strategies/architectures involved in implementing M365/Azure authentication, how these relate to a federated identity solution, and a fundamental understanding of how threat actors would target identity to compromise an environment
- Advanced experience and proficiency across various aspects of IT operations (e.g. networking, virtualization, identity, security, business continuity, disaster recovery, data management, governance)
- Experience and understanding in the acquisition, processing, and analysis of digital evidence from onsite enterprises and cloud-native platforms
- Fundamental understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365
- Proficiency with scripting languages (e.g. Bash, Python, PowerShell, JS) for automation of hunt tools used in commercial cloud environments
- Ability to develop tools, architecture, and configurations in Azure environment to support identifying threat actor activity.
- Understanding of how Azure/M365 platform protection is implemented and security operations available
Required Education:
BS Computer Science, Cybersecurity, Computer Engineering, or related degree; or HS Diploma & 4-6 years of host or digital forensics experience.
Desired Certifications:
- One or more of the following certifications: GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS certifications, Microsoft Azure associated certifications.
Company Overview:
Node. Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.
Our Core Values help us in our mission. They include:
OUR CORE VALUES
Identifying the~RIGHT PEOPLE~and developing them to their full capabilities
Our customer’s “Mission” is our “Mission”. Our~MISSION FIRST~approach is designed to keep our customers fully engaged while becoming their trusted partner
We believe in~SIMPLIFYING~complex problems with a relentless focus on agile delivery excellence
Our mantra is “~Simple*Secure*Speed~” in the delivery of innovative services and solutions.
Benefits
We are proud to offer competitive compensation and benefits packages to include:
- Medical
- Dental
- Vision
- Basic Life
- Long-Term Disability
- Health Saving Account
- 401K
- Three weeks of PTO
- 10 Paid Holidays
- Pre-Approved Online Training