Host Based Systems Analyst - IV – SME with Security Clearance
Apply NowCompany: Base One Technologies
Location: Arlington, VA 22202
Description:
Responsibilities:
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
Collects network device integrity data and analyze for signs of tampering or compromise
Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer related evidence
Serving as technical forensics liaison to stakeholders and explaining investigation details Required Skills:
U.S. Citizenship
Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability
8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools
Experience with reconstructing a malicious attack or activity
Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
Ability to create forensically sound duplicates of evidence (forensic images)
Able to write cyber investigative reports documenting forensics findings
In depth knowledge and experience of:
identifying different classes and characterization of attacks and attack stages
CND policies, procedures and regulations
proactive analysis of systems and networks, to include creating trust levels of critical resources
system and application security threats and vulnerabilities of network topologies, Wi-Fi Networking, and TCP/IP protocols
Splunk (or other SIEMs)
Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame
MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
Must be able to work collaboratively across physical locations. Desired Skills:
Experience and proficiency with the following tools and techniques:
EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort
EDR Tools: Crowdstrike, Carbon Black, Etc
Carving and extracting information from PCAP data
Non-traditional network traffic: Command and Control
Preserving evidence integrity according to national standards
Designing cyber security systems and environments in a Linux environment
Virtualized environments
Conducting all-source research Required Education:
8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience Desired Certifications:
- GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
Collects network device integrity data and analyze for signs of tampering or compromise
Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer related evidence
Serving as technical forensics liaison to stakeholders and explaining investigation details Required Skills:
U.S. Citizenship
Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability
8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools
Experience with reconstructing a malicious attack or activity
Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
Ability to create forensically sound duplicates of evidence (forensic images)
Able to write cyber investigative reports documenting forensics findings
In depth knowledge and experience of:
identifying different classes and characterization of attacks and attack stages
CND policies, procedures and regulations
proactive analysis of systems and networks, to include creating trust levels of critical resources
system and application security threats and vulnerabilities of network topologies, Wi-Fi Networking, and TCP/IP protocols
Splunk (or other SIEMs)
Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame
MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
Must be able to work collaboratively across physical locations. Desired Skills:
Experience and proficiency with the following tools and techniques:
EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort
EDR Tools: Crowdstrike, Carbon Black, Etc
Carving and extracting information from PCAP data
Non-traditional network traffic: Command and Control
Preserving evidence integrity according to national standards
Designing cyber security systems and environments in a Linux environment
Virtualized environments
Conducting all-source research Required Education:
8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience Desired Certifications:
- GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA