cFocus Software seeks a Cyber Incident Response Analyst (Mid-Level) to join our program supporting the United States Courts Information Technology Security Office in Washington, DC. This position requires US citizenship and the ability to obtain a Public Trust clearance.
Qualifications:
- Bachelor's Degree or equivalent experience in a computer, engineering, or science field.
- Ability to obtain a Public Trust clearance.
- US citizenship.
- Certifications required: one of GCIA, GCIH, or GSEC, plus Splunk Core Power User.
- 5+ years of relevant experience.
Duties:
- Perform forensic analysis on hosts in support of investigations.
- Conduct malware analysis (static and dynamic), including of complex malware, in an out-of-band environment.
- Assist with knowledge management, including Standard Operating Procedures and supporting procedural data.
- Accept and respond to government technical requests submitted through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support during real-time incident response (IR).
  - IR covers both cloud-based and on-premises applications, such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
- Create duplicates of evidence in a way that ensures the original evidence is not unintentionally modified. AOUSC-supplied procedures and tools shall be used to acquire the evidence.
- Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify the root cause.
- Perform live forensic analysis based on SIEM data (e.g., Splunk).
- Perform filesystem timeline analysis for inclusion in the forensic report.
- Extract deleted data using data carving techniques.
- Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
- Perform static and dynamic malware analysis to discover indicators of compromise (IOCs).
- Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility), and document the analysis results in the forensic report.
- Write forensic and malware analysis reports.
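Two of the duties above, working only on a verified duplicate of the evidence and recovering deleted data by carving, rest on the same small idea: hash the image before and after you touch it, and locate files by their header and footer byte signatures rather than by filesystem metadata. The following is an added, self-contained illustration written for this page; it is not code from cFocus Software or the AOUSC, and the "disk image" it examines is a constructed byte string with a JPEG, a PNG, and a truncated JPEG fragment embedded in it. The JPEG and PNG signatures are the standard ones; the `max_size` cap and the result layout are this example's own choices.

```python
import hashlib

# Header/footer byte signatures used to recognise file types (standard magic values).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def build_sample_image() -> bytes:
    """Constructed stand-in for a raw disk image (not real evidence).

    Layout: 64 zero bytes, a complete JPEG, 64 zero bytes, a complete PNG,
    64 zero bytes, then a JPEG header whose footer was overwritten.
    """
    filler = b"\x00" * 64
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"            # offset 64, 46 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xaeB`\x82"      # offset 174, 46 bytes
    truncated = b"\xff\xd8\xff\xe1" + b"T" * 20                     # offset 284, no footer
    return filler + jpg + filler + png + filler + truncated


def sha256_hex(data: bytes) -> str:
    """Integrity hash; record it in the report for both the image and each carved file."""
    return hashlib.sha256(data).hexdigest()


def carve(image: bytes, max_size: int = 10_000_000) -> list:
    """Header/footer carving over unallocated space.

    For every signature, scan for each header occurrence; a matching footer within
    max_size bytes yields a complete carve, otherwise the hit is reported as a
    partial fragment (header seen, end unknown) so it is not silently dropped.
    """
    results = []
    for kind, (header, footer) in SIGNATURES.items():
        start = 0
        while True:
            h = image.find(header, start)
            if h == -1:
                break
            f = image.find(footer, h + len(header))
            if f == -1 or f - h > max_size:
                # Footer missing or implausibly far away: record as a fragment.
                results.append({"type": kind, "offset": h, "size": None, "complete": False})
                start = h + len(header)
                continue
            end = f + len(footer)
            results.append({
                "type": kind,
                "offset": h,
                "size": end - h,
                "complete": True,
                "sha256": sha256_hex(image[h:end]),
            })
            start = end
    return sorted(results, key=lambda r: r["offset"])


def verify_and_carve(image: bytes) -> dict:
    """Hash the working copy before and after analysis to prove it was not altered."""
    before = sha256_hex(image)
    found = carve(image)
    after = sha256_hex(image)
    return {"image_sha256": before, "unchanged": before == after, "carved": found}


if __name__ == "__main__":
    report = verify_and_carve(build_sample_image())
    print("image sha256:", report["image_sha256"], "unchanged:", report["unchanged"])
    for item in report["carved"]:
        print(item)
```

On a real case the bytes would come from the forensic duplicate opened read-only (for example via `open(path, "rb")` on an image file), and the before/after hashes would be compared against the acquisition hash recorded when the duplicate was made; production carvers such as scalpel and foremost apply this same header/footer approach with a much larger signature set.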