Senior Forensics & Malware Analyst with Security Clearance
Keaki Technologies
2024-11-06 22:42:21
Honolulu, Hawaii, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
The Alakaʻina Foundation Family of Companies (FOCs) is looking for a Forensic and Malware Analyst to support our government customer located in Honolulu, Hawaiʻi. We are seeking a highly skilled Forensic and Malware Analyst to join our team, dedicated to safeguarding our clients' critical digital infrastructure from advanced threats. To thrive in this position, you should possess extensive experience in malware analysis, reverse engineering, and digital forensics, coupled with a deep understanding of the latest attack vectors and threat actors. You will have opportunities to lead complex investigations, perform in-depth malware analysis, develop custom tools and scripts to enhance our forensic capabilities, and provide expert guidance to junior team members. We offer professional development opportunities to support your growth and align with current and future mission requirements.

DESCRIPTION OF RESPONSIBILITIES:
Collaborate with incident handlers and incident responders to integrate automated solutions into the overall incident handling workflow, improving the organization's ability to quickly detect, analyze, and respond to complex threats and malware incidents.
Serve as a technical lead in the development, training, and implementation of advanced forensic and malware analysis techniques, tools, and methodologies to strengthen the organization's incident response capabilities.
Conduct in-depth static and dynamic analysis of complex malware samples, utilizing cutting-edge tools and techniques to uncover sophisticated evasion mechanisms, command and control infrastructure, and potential impact on targeted systems.
Serve as the primary point of contact for site-specific forensic acquisition missions, liaising with local stakeholders and overseeing the deployment of resources to ensure the timely and effective collection of digital evidence while maintaining data integrity and chain of custody according to organizational TTPs.
Develop and implement SOPs/TTPs for the forensic acquisition of digital evidence at various sites, ensuring consistency, efficiency, and compliance with organizational TTPs and industry best practices.
Lead the development and implementation of advanced custom detection signatures, rules, and ML jobs, collaborating with the penetration testing team to validate their effectiveness and ensure the continuous improvement of the organization's threat detection capabilities.
Other duties as assigned by Supervisor.
40 hour work week.

REQUIRED DEGREE/EDUCATION/CERTIFICATION:
Must meet at least one of the following baseline certifications in lieu of education: CySA+, CFR, GCFA, GCIA, GDSA, GCIH, GICSP, or CCE.
Must meet designated Computing Environment (CE) certifications within six (6) months of hire.

REQUIRED SKILLS AND EXPERIENCE:
Minimum of four (4) years of experience in digital forensics, incident response, and malware analysis.
Demonstrated mastery-level expertise in analyzing complex malware samples, leveraging advanced techniques such as manual code reversing, binary analysis, and memory forensics to uncover sophisticated evasion mechanisms, command and control infrastructure, and potential impact on targeted systems.
Proficiency in scripting and programming languages such as Python, PowerShell, Bash, or Ansible for automation and tool development.
Ability to work well under pressure and manage multiple priorities in a fast-paced environment.
Ability to work independently and lead projects, as well as mentor and guide junior team members.

DESIRED SKILLS AND EXPERIENCE:
Automate various tasks via scripting languages (PowerShell/Bash/Python, etc.).
Develop atomic, statistical, and behavioral rules within SIEM(s) (Splunk/Elastic/Trellix, etc.).
Analysis of network alerting within IDS/IPS(s) (Cisco Secure Firewall/Trellix/Security Onion, Snort/Suricata, etc.).
NIDS rule creation and tuning (Snort/Suricata, etc.).
PCAP analysis and associated tools (TCPDump/Snort/Suricata, Wireshark/NetworkMiner, etc.).
Understand logging outputs of Network Security Monitors (Zeek/Suricata, etc.).
Digital forensic solutions for hard drive imaging and analysis (EnCase, FTK Imager, etc.).
Memory analysis tools for analysis of swap and RAM (Volatility, etc.).
Host analysis, HIDS/HIPS, and other host solutions (Trellix HBSS/ePO, Tychon/Tanium, etc.).

REQUIRED CITIZENSHIP AND CLEARANCE:
Must be a U.S. Citizen.
Must have a TS/SCI clearance OR a SECRET clearance with the ability to upgrade.

The Alakaʻina Foundation Family of Companies (FOCs) is a fast-growing government service provider. Employees enjoy competitive salaries; a 401K plan with company match; medical, dental, disability, and life insurance coverage; tuition reimbursement; paid time off; and 11 paid holidays.

The Alakaʻina Foundation Family of Companies (FOCs) is proud to be an equal opportunity employer. We are an Equal Opportunity/Affirmative Action Employer of individuals with disabilities and veterans. We are proud to state that we do not discriminate in employment decisions on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. If you are a person with a disability and you need an accommodation during the application process, please contact us to request accommodation. We E-Verify all employees.

The Alakaʻina Foundation Family of Companies (FOCs) comprises industry-recognized government service firms designated as Native Hawaiian Organization (NHO)-owned and 8(a) certified businesses. The Family of Companies (FOCs) includes Keʻaki Technologies, Laulima Government Solutions, Kūpono Government Services, Kapili Services, Poʻokela Solutions, Kīkaha Solutions, LLC, and Pololei Solutions, LLC.

Alakaʻina Foundation activities under the 501(c)3 principally benefit the youth of Hawaii through charitable efforts, which include providing innovative educational programs that combine leadership, science & technology, and environmental stewardship. For additional information, please visit