Job Information
GET, INC. & GET-NSA, LLC Cyber Forensics Analyst / Mostly Remote in Washington, District Of Columbia
THIS IS A MOSTLY-REMOTE POSITION WITH SOME TRAVEL.
Most work will be performed remotely from the employee's place of residence. Pre-planned travel to Amarillo, Texas, for on-site interaction, support, and training will be required up to 15% of the time.
This position requires a current DOE Q or DoD Top Secret / SCI security clearance.
Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Forensics Analyst in support of a United States Department of Energy national security facility. This is a highly compensated, high-responsibility analysis position that is central to our mission's success.
The Cyber Forensics Analyst analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. The analyst conducts deep-dive investigations of computer-based crimes, establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.
The Cyber Forensics Analyst shall:
Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion
Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CDs, PDAs, mobile phones, GPS, and all tape formats.
Decrypt seized data using technical means
Provide technical summary of findings in accordance with established reporting procedures
Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration
Perform dynamic analysis to boot an "image" of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment
Perform file signature analysis
Perform hash comparison against an established database
Perform static media analysis
Extract data using data carving techniques
Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
Perform Windows registry analysis
Perform static malware analysis
Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information
Compensation Range: $125,000-$145,000 / year (depending on qualifications)
Requirements
Security Clearance:
This position requires a current DOE Q or DoD Top Secret security clearance.
Must be familiar with the use of specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
Required knowledge, skills, and abilities (as demonstrated by technical expertise and certification, where applicable):
Knowledge of cyber threats and vulnerabilities
Knowledge of encryption algorithms
Knowledge of incident response and handling methodologies
Knowledge of operating systems
Knowledge of system and application security threats and vulnerabilities
Knowledge of physical computer components and architectures, including the functions of various components and peripherals
Knowledge of file system implementations
Knowledge of processes for seizing and preserving digital evidence
Knowledge of hacking methodologies
Knowledge of legal governance related to admissibility (e.g., Rules of Evidence)
Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody
Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
Knowledge of reverse engineering concepts
Knowledge of anti-forensics tactics, techniques, and procedures
Knowledge of forensics lab design configuration and support applications
Knowledge of malware analysis tools
Knowledge of malware with virtual machine detection
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems
Skill in preserving evidence integrity according to standard operating procedures or national standards
Skill in analyzing memory dumps to extract information
Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics)
Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files)
Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
Skill in setting up a forensic workstation
Skill in using forensic tool suites (e.g., EnCase and FTK)
Skill in using virtual machines
Skill in physically disassembling PCs
Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems)
Skill in deep analysis of captured malicious code
Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5])
Skill in analyzing anomalous code as malicious or benign
Skill in analyzing volatile data
Skill in identifying obfuscation techniques
Skill in analyzing malware
Skill in conducting bit-level analysis
Skill in processing digital evidence, to include protecting and making legally sound copies of evidence
Skill in performing packet-level analysis
Ability to decrypt digital data collections
Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments
Required Education:
Associate's degree in a technical field and 10 years of related experience OR a Bachelor's degree in a technical field and 5 years of related experience OR a Master's degree in a technical field and 2 years of related experience
Benefits
Benefits include:
Medical plan options with UnitedHealthcare
Dental Insurance
Long-term and Short-term Disability Insurance
Life Insurance
AD&D Insurance
Generous 401(k) Match
All benefits are effective on day one of employment.
Global Engineering & Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.