Host-Based Systems Analysts III with Security Clearance

Base One Technologies

2024-05-06 14:58:47

Arlington, Virginia, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Host-Based Systems Analysts III
, or Cyber-Forensics Systems Analysts with active DoD TS/SCI eligible security clearance.
In this position you will:
• Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
• Document original condition of digital and/or associated evidence by taking photographs and collecting hash information
• Assist team members in imaging digital media
• Assist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
• Use hashing algorithms to validate forensic images
• Work with mentor to identify and understand adversary TTPs
• Assist team members in analyzing the behaviors of malicious software
• Under direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysis
• Perform analysis of log files from a variety of sources to identify possible threats to computer security
• Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
• Assess evidentiary value by triaging electronic devices
• Correlate forensic findings with network events to further develop an intrusion narrative
• When available, collect and document system state information (running processes, network connections, etc.) prior to imaging
• Perform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
• Track and document forensic analysis from initial involvement through final resolution
• Collect, process, preserve, analyze and present computer related evidence
• Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
• Conduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
• Assist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
• Assist with leading and coordinating forensic teams in preliminary investigation
• Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
• Distill analytic findings into executive summaries and in-depth technical reports
• Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
• Track and document on-site incident response activities and provides updates to leadership throughout the engagement
• Evaluate, extract and analyze suspected malicious code Core Competencies required include:
• Use leading edge technologies and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
• Follow proper evidence handling procedures and chain-of-custody protocols
• Produce written reports documenting digital forensic findings
• Determine programs that have been executed, and find files that have been changed on disk and in memory
• Use timestamps and logs to develop authoritative timelines of activity
• Identify and document case relevant file-system artifacts
• Create forensically sound duplicates of evidence for use in data recovery and analysis
• Perform all-source research for similar or related network events or incidents
• Identify different classes of attack and attack stages
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources Education and Background Requirements:
• Minimum 7-9 years incident management experience or cybersecurity operations experience with a High school diploma;
• Or, Bachelor's degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity or related discipline, and with minimum 5-7 year of incident management experience or cybersecurity operations experience
For all labor categories, unless otherwise specified, the following education degrees may be substituted for years of experience in a related discipline:
Bachelor's Degree = Two (2) years of experience
Master's Degree = Three (3) years of experience
Ph.D. = Four (4) years of experience Employment Requirements:
• Must have an active Top Secret/SCI security clearance or TS with SCI eligibility, verifiable in JPAS.
• Must have excellent written and verbal communication skills Physical Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform the described essential functions of the job.