SENIOR CYBER SECURITY ANALYST - FORENSIC MALWARE (JBSA-21-0339-W):
Bowhead seeks a Cyber Security Analyst - Forensic Malware to support the AFCERT DCO HAC contract in San Antonio, TX.
The ability of the 33 NWS to complete its mission is dependent upon accurate, timely and thorough execution of computer forensics on suspected and confirmed compromised AF systems in order to determine the method of intrusion and corrective actions to be taken to prevent or detect similar future activities.
Will track evidence inventory for intake and releasing to the forensics laboratory. This includes insuring proper handling and maintenance of evidence and chain of custody records. Apply best principles and practices IAW CJCSM 65-10.01B Enclosure A in retrieving, recovering, and preserving digital evidence. Utilize forensic tools such as, but not limited to; EnCase, FTK, FireEye, etc and other systems as required.
• Conduct analysis of metadata and forensic examinations of digital media from a variety of sources including preservation, acquisition, and analysis of digital evidence with the goal of developing forensically sound evidence.
• Investigate network and computer intrusions to identify root cause and generate indicators of compromise.
• Perform software reverse engineering of suspected malicious files to verify if system compromise occurred.
• Perform memory forensics & malware reverse engineering, analysis and extract IOCs (Indicators of Compromise).
• Parse through gigabytes of log data utilizing native Unix/Linux command line tools.
• Create and run scripts that will collect and analyze logs utilizing Unix/Linux commands.
• Analyze data from multiple sources including: Linux/Unix/Windows operating systems, TCP/IP and PCAP.
• Perform Hard Drive Analysis of suspected/confirmed infected or exploited systems.
• Develop methods to identify, contain, log, and analyze malware-based activities on AF AIS and networks.
• Provide support to AF network administrators on the installation and analysis of packet sniffers on their network topology.
• Collaborate with leadership and external agencies, including Counter-Intelligence activities/agencies, OSI, FBI, and other security agencies, to include Incident Responders, as well as other forensic analysts and provide AF OSI DCO technical support to law enforcement and counter- intelligence activities.
Bowhead seeks to network with qualified individuals relative to a potential opportunity, which is contingent upon award and not currently funded. Please click the link at the bottom of this posting to apply for consideration. Incumbent employees are encouraged to respond. No solicitations or third party applications will be accepted.
In accordance with Executive Order 14042: Ensuring Adequate COVID Safety Protocols for Federal Contractors, candidates should be aware that they may be required to have received or be willing to receive the COVID-19 vaccine by date of hire. All job offers in connection with a covered contract may be contingent upon providing proof of vaccination prior to your anticipated start date.
Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based computers and servers. Must understand the use of a variety of forensic tools (Access Data, FTK, Guidance EnCase; including mobility (Axiom/BlackBag Mobilyze/Cellebrite/Paraben and in, FTK, X-Ways Forensics, FireEye, Volatility, Sleuthkit, BlackBag tools) and various Open Source forensic tools. Experience writing intelligence and technical articles for production and dissemination is preferred. Proficient w/ malware analysis, sandboxing, and software reverse engineering. Experience with scripting languages such as Python and PowerShell. Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
• 10 years of experience.
• MA/MS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree preferred
• Demonstrates in-depth knowledge and understanding of the Computer Forensics Analyst activities required to meet mission requirements
• Must be able to travel on short notice
• IAT Level III CND compliance.
• GCFE or GCFA.
Desired: GREM, GCTI and/or ACE
SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret/SCI level. US Citizenship is a requirement for Top Secret clearance at this location.
Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.
Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.
UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.
All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/).
UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.
Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.
Link to Apply:
#LI-JR1 UIC and its Family of Companies is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.Please view Equal Employment Opportunity Posters provided by OFCCP here .The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)