Cyber Incident Response Analyst (Mid-Level) - Public Trust

Washington, DC

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.


cFocus Software seeks a Cyber Incident Response Analyst (Mid-Level) to join our program supporting the United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship and the ability to obtain a Public Trust clearance.

Qualifications:
  • Bachelor’s Degree or equivalent experience in a computer, engineering, or science field.
  • Ability to obtain a Public Trust clearance
  • US Citizenship
  • Certifications required: GCIA or GCIH or GSEC and Splunk Core Power User.
  • 5+ years of relevant experience.
Duties:
  • Perform forensic analysis on hosts in support of investigations.
  • Conduct malware analysis in an out-of-band environment (static and dynamic), including analysis of complex malware.
  • Assist with knowledge management, including Standard Operating Procedures and procedural support data.
  • Accept and respond to government technical requests submitted through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support during real-time incident response (IR).
  • IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
  • Perform live forensic analysis based on SIEM data (e.g., Splunk).
  • Perform filesystem timeline analysis for inclusion in forensic report.
  • Extract deleted data using data carving techniques.
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility). Analysis results are documented in the forensics report.
  • Write forensic and malware analysis reports.

Tags: Active Directory Azure Clearance Cloud EDR Forensics GCIA GCIH GSEC Incident response Linux MacOS Malware SIEM Splunk Windows

Region: North America
Country: United States
