Host Based Systems Analyst Lead III | Systems Analyst

at Abbtech Professional Resources
Location Arlington, VA
Date Posted January 9, 2022
Category Default
Job Type Full-time


Host Based Systems Analyst Lead III

Location: Arlington, VA

Clearance: An existing TS/SCI Clearance is required, existing DHS Suitability is desired

The Host Based Systems Analyst Lead requires proficiency and proven capability in the below areas:

Core Competencies

  • Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
  • Follows proper evidence handling procedures and chain of custody protocols
  • Produces written reports documenting digital forensic findings
  • Determines programs that have been executed, finds files that have been changed on disk and in memory
  • Uses timestamps and logs (host and network) to develop authoritative timelines of activity
  • Finds evidence of deleted files and hidden data
  • Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
  • Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
  • Performs all-source research for similar or related network events or incidents
  • Skill in identifying different classes of attacks and attack stages
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources
  • Desired Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP

Additional Requirements

  • Assists with leading and coordinating forensic teams in preliminary investigation
  • Plans, coordinates and directs inventory, examination, and comprehensive technical analysis of computer related evidence
  • Distills analytic findings into executive summaries and in depth technical reports
  • Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
  • Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
  • Evaluates, extracts, and analyzes suspected malicious code
  • Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
  • Assesses evidentiary value by triaging electronic devices
  • Correlates forensic findings with network events to further develop an intrusion narrative
  • When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging
  • Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact
  • Tracks and documents forensic analysis from initial involvement through final resolution
  • Collects, processes, preserves, analyzes and presents computer related evidence
  • Coordinates with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
  • Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
  • Assists to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies

(7-9 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience)

ABBTECH is an EOE/Minorities/Women/Disabled Individuals/Veterans
