Digital Forensic Analyst (Top Secret Cleared)

Overview

Hybrid
$148,000 - $225,000
Full Time

Skills

Security+
. NET
BASH
Computer Network Defense
DHCP
DNS
Engineering support
Forensic
Linux
OS X
PowerShell
Python
RUBY
SMTP
Splunk
Systems Engineering
Windows
advanced security
assets
case management
communication skills
communications skills
content management
critical thinking
cyber security
editing
intelligence analysis
intrusion detection
malware analysis
security operations
software development
technical editing
technical writing
threat
verbal communication
writing

Job Details

BDR Solutions, LLC, (BDR) supports the U.S. Federal Government in successfully achieving its mission and goals. Our service and solution delivery starts with understanding each client's end-state, and then seamlessly integrating within each Agency's organization to improve and enhance business and technical operations and deployments.
BDR is seeking a Digital Forensics Analyst (Top Secret Cleared) to join our growing team! This position will be performed virtually from the individual's home office working on EST time schedule. This position requires ship with an active Top Secret clearance and SCI eligibility.
(Military Veterans are highly encouraged to apply)
Role Overview
The Digital Forensics Analyst will support an Agency-level Focused Operations (FO) team at DHS. The Senior Digital Forensics Analysts will conduct advanced security event analytics, insider threat monitoring, log analysis, host-based forensics, incident response, and case management. In support of this vital mission, BDR staff are on the forefront of providing Advanced CND (Computer Network Defense) Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communication skills are necessary. The ideal candidate will have a solid understanding of incident response, forensics investigations, and cyber threats. Additionally, the ideal candidate would be familiar with digital evidence collection, malware analysis, host-based forensic tools, intrusion detection systems, file systems, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
***Onsite once a week in Springfield, VA
Responsibilities

  • Lead efforts in Incident Handling, including Detection, Analysis, and Triage.
  • Conduct security event triage to discern legitimate security incidents.
  • Investigate security incidents, implement countermeasures, and conduct incident response.
  • Conduct Forensic Analysis on compromised systems using digital forensics tools.
  • Analyze information technology security events for forensic purposes.
  • Lead efforts in Hunting for anomalous patterns detection and content management.
  • Apply strong logical/critical thinking abilities, especially in analyzing security events.
  • Analyze windows event logs, network traffic, and IDS events for malicious intent.
  • Utilize strong analytical and technical skills for hunting activities.
  • Produce clear and thorough security incident reports and briefings.
  • Identify and implement countermeasures or mitigating controls for deployment.
  • Recommend and coordinate countermeasures to operational CND personnel.
  • Develop rules, filters, views, signatures, and operationally relevant applications/scripts.


Required Minimum Qualifications

  • Bachelor's Degree
  • Possess at least 5 years of directly relevant experience performing digital forensic analysis with demonstrated leadership capabilities.
  • Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required.
  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Forensic Analysis.
  • Prior experience and ability to analyze information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
  • Strong logical/critical thinking abilities, especially analyzing security events (windows event logs, network traffic, IDS events for malicious intent).
  • Strong proficiency Report writing a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
  • A working knowledge of the various operating systems (e.g., Windows, OS X, Linux) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory.
  • Working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
  • Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.
  • Experience conducting Forensic Analysis on compromised systems using digital forensics tools.
  • Experience with Cyber, Insider Threat and Policy Violation, and eDiscovery investigations.
  • Proficiency in cyber threat exploitation patterns, from first discovery through identification of persistent presence.
  • Provide subject matter expertise support in the detection, analysis, and mitigation of insider threat activities.
  • Previous firsthand experience with Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk or MS Sentinel).
  • Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
  • Experience in recommending and coordinating countermeasures to operational CND personnel.
  • Familiarity with scripting languages (BASH, PowerShell, Python, PERL, RUBY) or software development frameworks (.NET).


Required Certifications (One or more of the following)

  • GCIA
  • GCED
  • GCFA
  • GCFE
  • GCTI
  • GNFA
  • GCIH
  • ECSA
  • CHFI
  • CISSP
  • Security+
  • Network+
  • CEH
  • CND
  • CCE
  • CFC
  • EnCE
  • CFCE
  • GREM

In addition, U.S Citizenship is required. Select applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information and be able to obtain a government-granted security clearance. Individuals may also be subject to a background investigation including, but not limited to criminal history, employment and education verification, drug testing, and creditworthiness. BDR is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, marital status, disability, veteran status, sexual orientation, or genetic information.