DESCRIPTION OF PROJECT AND TASKS:
Statement of Work:
Provide support for U.S. Government customers for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel performs investigations to characterize of the severity of breaches, develop mitigation plans, and assist with the restoration of services. Seeking a Host-Based Cybersecurity Systems Analyst to support this critical customer mission. Responsibilities: Acquiring/collecting computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements.
Assessing evidentiary value by triaging electronic devices – Correlating forensic findings with network events to further develop an intrusion narrative – When available, collecting and documenting system state information (running processes, network connections, etc.) prior to imaging – Performing incident triage from a forensic perspective to include determining scope, urgency and potential impact – Tracking and documenting forensic analysis from initial involvement through final resolution – Collecting, processing, preserving, analyzing and presenting computer related evidence – Coordinating with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings – Conducting analysis of forensic images and other available evidence and drafting forensic write-ups for inclusion in reports and other written products – Assisting in documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies – Assisting in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report – Assisting team members in imaging digital media – Assisting in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems – Using hashing algorithms to validate forensic images – Under direct guidance and coaching if needed, locating critical items in various file systems to aid more senior personnel in their analysis – Performing analysis of log files from a variety of sources to identify possible threats to computer security – Using leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions – Determining programs that have been executed, finding files that have been changed on disk and in memory.
Required skills/Level of Experience:
U.S. Citizenship – Must have an active TS/SCI clearance – Must be able to obtain DHS Suitability – 2+ years of directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools – Ability to create forensically sound duplicates of evidence (forensic images) – Able to write cyber investigative reports documenting digital forensics findings – Experience with the analysis and characterization of cyber-attacks – Experience with proper evidence handling procedures and chain of custody protocols – Skilled in identifying different classes of attacks and attack stages – Knowledge of system and application security threats and vulnerabilities – Knowledgeable in the proactive analysis of systems and networks, to include creating trust levels of critical resources – Must be able to work collaboratively across physical locations
Desired Skills: – Must have 2+ years experience with two or more of the following tools:
— Sleuth Kit/Autopsy
— Experience with conducting all-source research