Host Based Systems Analyst - IV with Security Clearance
Base One Technologies
2024-11-06 21:41:33
Arlington, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Responsibilities:
• Acquire/collect computer artifacts and logs in support of onsite and remote engagements
• Triage electronic devices and assess evidentiary value
• Correlate forensic findings to network events in support of developing an intrusion narrative
• Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
• Perform forensic triage of an incident to include determining scope, urgency and potential impact
• Track and document forensic analysis from initial participation through resolution
• Collect, process, preserve, analyze and present computer related evidence
• Coordinate with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
• Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products
• Support cloud development and automation projects to enhance threat emulation capabilities
• Assist in documenting Computer Network Defense (CND) guidance and create reports pertaining to incident findings
Required Skills/Clearances:
• U.S. Citizenship
• Active TS/SCI clearance
• Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
• 10+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
• In depth understanding of SaaS, PaaS and IaaS in the Cloud Environment
• Ability to create forensically sound duplicates of evidence (forensic images)
• Ability to author cyber investigative reports documenting digital forensics findings
• Proficiency with analysis and characterization of cyber attacks
• Knowledge of cloud development and automation tools such as Terraform, Kubernetes, AWS CloudFormation, Azure Resource Manager, and Docker
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
Desired Skills:
• Knowledge of strategies/architectures involved in implementing M365/Azure authentication, how these relate to a federated identity solution, and a fundamental understanding of how threat actors would target identity to compromise an environment
• Advanced experience and proficiency across various aspects of IT operations (e.g. networking, virtualization, identity, security, business continuity, disaster recovery, data management, governance)
• Experience and understanding in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms
• Fundamental understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365
• Proficiency with scripting languages (e.g. Bash, Python, PowerShell, JS) for automation of hunt tools used in commercial cloud environments
• Ability to develop tools, architecture and configurations in an Azure environment to support identifying threat actor activity
• Understanding of how Azure/M365 platform protection is implemented and the security operations available
Required Education:
BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 4-6 years of host or digital forensics experience.
Desired Certifications:
• One or more of the following certifications: GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS certifications, Microsoft Azure associated certifications.