cFocus Software seeks a Cyber Incident Response Analyst (Mid-Level) to join our program supporting to join our program supporting United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship and the ability to obtain a Public Trust clearance.
Qualifications:
- Bachelor’s Degree or equivalent experience in a computer, engineering, or science field.
- Ability to obtain a Public Trust clearance
- US Citizenship
- Certifications required: GCIA or GCIH or GSEC and Splunk Core Power User.
- 5+ years of relevant experience.
Duties:
- Performs forensic analysis on hosts supporting investigations.
- Conducts malware analysis in out-of-band environment (static and dynamic), including complex malware.
- Assist with knowledge management – Standard Operating Procedures and procedural support data.
- Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR).
- IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
- Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
- Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
- Perform live forensic analysis based on SIEM data (e.g., Splunk).
- Perform filesystem timeline analysis for inclusion in forensic report.
- Extract deleted data using data carving techniques.
- Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
- Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
- Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report.
- Write forensic and malware analysis reports.