Host Based Analyst with Security Clearance

Base One Technologies

2024-05-06 12:58:40

Arlington, Virginia, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

We are seeking Cloud Forensics Analysts (CFA) to support this critical customer mission. The CFA is a recently identified position for the HIRT and affords ample opportunities for training and career growth within the Cloud Forensics field. Responsibilities: • Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
• Triage electronic devices and assess evidentiary value • Correlate forensic findings to network events in support of developing an intrusion narrative Document system state information (e.g. running processes, network connections) prior to imaging, as required
• Perform forensic triage of an incident to include determining scope, urgency and potential impact • Document forensic analysis from initial participation through resolution • Collect, process, preserve, analyze and present computer related evidence • Coordinate with Government customer to validate/investigate alerts or additional preliminary findings • Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products • Assist to document and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings Required Skills/Clearances: • U.S. Citizenship
• Active TS/SCI clearance - Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability • 5+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools • Understanding of SaaS, PaaS and IaaS in the Cloud Environment • Authoring cyber investigative reports documenting digital forensics findings • Analyze and characterize cyber-attacks unique to cloud • Skilled in identifying different classes of attacks and attack stages • Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods • Able to work collaboratively across physical locations • Action-oriented and have a proactive approach to problem solving • Proficiency with common operating systems (e,g, Linux/Unix, Windows) Desired Skills: • Awareness of strategies/architectures involved in implementing M365/Azure authentication
• Experience in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms • Understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365 • Proficiency with scripting languages (e.g. Bash, Python, Powershell, JS) • Understanding of Azure administration, M365 administration and/or development/DevOps Required Education: BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 7-9 years of host or digital forensics experience. Desired Certifications/Education: GCLD, GCPS, GCPN, GWEB, CCSP, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, Kubernetes Security Specialist, Microsoft 365 Certifications, Microsoft Azure Certifications AWS Certifications, SANS Cloud Courses (SEC541, SEC584, SEC588) and Certifications