Forensic Malware Analyst (33 NWS) with Security Clearance
IPSecure Inc
2024-11-06 22:42:54
San Antonio, Texas, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
FORENSIC MALWARE ANALYST (33 NWS) - TS/SCI REQUIRED - JBSA LACKLAND, SAN ANTONIO, TEXAS

At IPSecure, you'll shape the future of cybersecurity by building the technology to tackle the toughest challenges and stay ahead of the latest threats. If you want to join an agile and growing company that makes a direct impact in the fight against cyber criminals, IPSecure is the place for you. Driven by passionate people who are dedicated to making the world safer, it's no wonder we've been named a Top Place to Work in San Antonio.

Responsibilities
Document all findings in the investigation/incident log.
Track the evidence inventory for intake and release to the forensics laboratory, including ensuring proper handling and maintenance of evidence and chain-of-custody records.
Utilize forensic tools such as, but not limited to, EnCase, FTK and FireEye, and other systems as required.
Conduct metadata analysis and forensic examinations of digital media from a variety of sources, including preservation, acquisition, and analysis of digital evidence, with the goal of developing forensically sound evidence.
Confirm malicious activity when new information is identified through forensic analysis.
Investigate network and computer intrusions to identify root cause, generate indicators of compromise (IOCs), and document all findings in the investigation/incident log for each file.
Perform memory forensics and reverse engineering of suspected malicious files to verify whether a system compromise occurred, and document all findings and IOCs in the investigation/incident log for each file.
Perform hard drive analysis of suspected or confirmed infected or exploited systems, and document all findings in the investigation/incident log for each hard drive.
Develop methods to identify, contain, log, and analyze malware-based activity on AF AIS and networks.
Provide support to AF network administrators on the installation and analysis of packet sniffers on their network topology, reporting functionality status upon request.
Generate forensic reports and synopses, presenting complex technical processes and findings clearly and concisely to technical and non-technical audiences.
Collaborate with leadership and external agencies, including counter-intelligence activities/agencies, OSI, the FBI, and other security agencies, as well as incident responders and other forensic analysts.
Provide AF OSI DCO technical support to law enforcement and counter-intelligence activities.
Turn an investigation over to AF OSI if it is determined during the investigation that a law was broken.
Support and/or augment incident response deployments on same-day notice. This travel allows responders to retrieve hard drives or miscellaneous storage media, isolate system(s) for additional investigation, and perform other on-site incident response actions.
Set up a monitor or "cage" at the on-site location as needed.

Basic Qualifications
An active TS/SCI clearance is required to start.
Must obtain the GIAC Certified Forensic Analyst (GCFA) certification within 120 days of date of hire.
Must obtain the GIAC Reverse Engineering Malware (GREM) certification within 120 days of date of hire.

Preferred Qualifications
5+ years of experience as a forensic malware technician.
Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based computers and servers.
Experience with a variety of forensic tools (AccessData FTK, Guidance EnCase, X-Ways Forensics, FireEye, Volatility, The Sleuth Kit, BlackBag tools), including mobile forensics tools (Axiom, BlackBag Mobilyze, Cellebrite, Paraben) and various open-source forensic tools.
Shell scripting experience.
Experience writing intelligence and technical articles for production and dissemination.
Very proficient with malware analysis, sandboxing, and software reverse engineering.
Proficiency with scripting languages such as Python and PowerShell.
Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open-source projects).

Benefits
Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance, and Hospital Indemnity Insurance available.

EEOC Statement
IPSecure is an Affirmative Action Employer and does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran.