Malware and Forensic Analyst (Senior) Job at ClearanceJobs, Washington DC

  • ClearanceJobs
  • Washington DC

Job Description

Malware And Forensic Analyst (Senior)

cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. This position has remote capabilities.

Required qualifications include:

  • 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS)
  • 5 years of experience utilizing the following forensics tools: Magnet AXIOM to acquire, analyze, and report on digital evidence; SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis; EnCase to collect, analyze, and report on digital evidence; Velociraptor to collect and analyze data from multiple endpoints; KAPE (Eric Zimmerman's tools) to collect and process files; SUMURI TALINO Workstations/Laptops; Cellebrite; Bi-Weekly Threat Assessment Reports (BTARs)

Must have ability to perform required forensics/malware analyst duties, including:

  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified
  • Extracting deleted data using data carving techniques
  • Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)

Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC.

Desired qualifications include:

  • One of the following certifications: GIAC Certified Intrusion Analyst (GCIA); GIAC Certified Incident Handler (GCIH); GIAC Continuous Monitoring (GMON); GIAC Defending Advanced Threats (GDAT); Splunk Core Power User; EnCase Certified Examiner; SANS GCFA; Volatility

Duties:

  • Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC)
  • Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR)
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause
  • Perform live forensic analysis based on SIEM data (e.g., Splunk)
  • Perform filesystem timeline analysis for inclusion in forensic report
  • Extract deleted data using data carving techniques
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC)
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility)

Deliverables:

  • Image Duplication: Duplication of evidence for processing by multiple analysts
  • Requests received via AOUSC ITSM (Heat or Service Now)
  • Deleted Files: Deleted files supplied to requestor
  • Advanced SME IR Reports: Timely Advanced SME IR Support for Priority 1 Security Events
  • SME actively participating in IR activities within 4 hours of request (7x24x365)
  • Incident Reports: All forensic reports include a timeline
  • Forensic Reports: Document the results of a forensic investigation
  • Malware Analysis Reports: Document the results of analyzing a specific malware specimen
  • Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on
  • Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases

Job Tags

Work at office, Remote work
