Host-Based Systems Analysts III with Security Clearance
Apply NowCompany: Base One Technologies
Location: Arlington, VA 22201
Description:
Host-Based Systems Analysts III
, or Cyber-Forensics Systems Analysts with active DoD TS/SCI eligible security clearance.
In this position you will:
Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
Document original condition of digital and/or associated evidence by taking photographs and collecting hash information
Assist team members in imaging digital media
Assist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
Use hashing algorithms to validate forensic images
Work with mentor to identify and understand adversary TTPs
Assist team members in analyzing the behaviors of malicious software
Under direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysis
Perform analysis of log files from a variety of sources to identify possible threats to computer security
Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
Assess evidentiary value by triaging electronic devices
Correlate forensic findings with network events to further develop an intrusion narrative
When available, collect and document system state information (running processes, network connections, etc.) prior to imaging
Perform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
Track and document forensic analysis from initial involvement through final resolution
Collect, process, preserve, analyze and present computer related evidence
Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
Conduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
Assist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
Assist with leading and coordinating forensic teams in preliminary investigation
Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
Distill analytic findings into executive summaries and in-depth technical reports
Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
Track and document on-site incident response activities and provides updates to leadership throughout the engagement
Evaluate, extract and analyze suspected malicious code Core Competencies required include:
Use leading edge technologies and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
Follow proper evidence handling procedures and chain-of-custody protocols
Produce written reports documenting digital forensic findings
Determine programs that have been executed, and find files that have been changed on disk and in memory
Use timestamps and logs to develop authoritative timelines of activity
Identify and document case relevant file-system artifacts
Create forensically sound duplicates of evidence for use in data recovery and analysis
Perform all-source research for similar or related network events or incidents
Identify different classes of attack and attack stages
Knowledge of system and application security threats and vulnerabilities
Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources Education and Background Requirements:
Minimum 7-9 years incident management experience or cybersecurity operations experience with a High school diploma;
Or, Bachelor's degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity or related discipline, and with minimum 5-7 year of incident management experience or cybersecurity operations experience
For all labor categories, unless otherwise specified, the following education degrees may be substituted for years of experience in a related discipline:
Bachelor's Degree = Two (2) years of experience
Master's Degree = Three (3) years of experience
Ph.D. = Four (4) years of experience Employment Requirements:
Must have an active Top Secret/SCI security clearance or TS with SCI eligibility, verifiable in JPAS.
Must have excellent written and verbal communication skills Physical Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform the described essential functions of the job.
, or Cyber-Forensics Systems Analysts with active DoD TS/SCI eligible security clearance.
In this position you will:
Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
Document original condition of digital and/or associated evidence by taking photographs and collecting hash information
Assist team members in imaging digital media
Assist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
Use hashing algorithms to validate forensic images
Work with mentor to identify and understand adversary TTPs
Assist team members in analyzing the behaviors of malicious software
Under direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysis
Perform analysis of log files from a variety of sources to identify possible threats to computer security
Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
Assess evidentiary value by triaging electronic devices
Correlate forensic findings with network events to further develop an intrusion narrative
When available, collect and document system state information (running processes, network connections, etc.) prior to imaging
Perform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
Track and document forensic analysis from initial involvement through final resolution
Collect, process, preserve, analyze and present computer related evidence
Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
Conduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
Assist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
Assist with leading and coordinating forensic teams in preliminary investigation
Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
Distill analytic findings into executive summaries and in-depth technical reports
Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
Track and document on-site incident response activities and provides updates to leadership throughout the engagement
Evaluate, extract and analyze suspected malicious code Core Competencies required include:
Use leading edge technologies and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
Follow proper evidence handling procedures and chain-of-custody protocols
Produce written reports documenting digital forensic findings
Determine programs that have been executed, and find files that have been changed on disk and in memory
Use timestamps and logs to develop authoritative timelines of activity
Identify and document case relevant file-system artifacts
Create forensically sound duplicates of evidence for use in data recovery and analysis
Perform all-source research for similar or related network events or incidents
Identify different classes of attack and attack stages
Knowledge of system and application security threats and vulnerabilities
Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources Education and Background Requirements:
Minimum 7-9 years incident management experience or cybersecurity operations experience with a High school diploma;
Or, Bachelor's degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity or related discipline, and with minimum 5-7 year of incident management experience or cybersecurity operations experience
For all labor categories, unless otherwise specified, the following education degrees may be substituted for years of experience in a related discipline:
Bachelor's Degree = Two (2) years of experience
Master's Degree = Three (3) years of experience
Ph.D. = Four (4) years of experience Employment Requirements:
Must have an active Top Secret/SCI security clearance or TS with SCI eligibility, verifiable in JPAS.
Must have excellent written and verbal communication skills Physical Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform the described essential functions of the job.