isecjobs.com

NetWitness Cyber Incident Response Analyst (Senior)

Washington, DC

Applications have closed
cFocus Software Incorporated logo

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

View all jobs at cFocus Software Incorporated

Find more jobs like this Jobs in the United States

cFocus Software seeks a NetWitness Cyber Incident Response Analyst (Senior) to join our program supporting the Administrative Offices of the United States Courts in Washington, DC. This position requires an active Public Trust clearance.

Qualifications:
  • Bachelor’s Degree or equivalent experience in a computer, engineering, or science field.
  • Active Public Trust clearance.
  • NetWitness Certified XDR Administrator 
  • Hold active certifications such as GCIA or GCIH or GSEC or GMON, and Splunk Core Power User.
  • 7+ years of relevant experience.
Duties:
  • Assist with implementation of RSA NetWiitness 
  • Perform a binary analysis and produce a report on what are the exploits that could potentially be available to an attacker and countermeasures to mitigate the exposure of those exploits
  • Support the development of staff schedules and staffing forecasts for approval.
  • Ensure shift members follow the appropriate incident escalation and reporting procedures.
  • Provide support promptly and efficiently through front-line telephone and email communications.
  • Assist with knowledge management – Standard Operating Procedures and procedural support data.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR).
  • IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
  • Perform live forensic analysis based on SIEM data (e.g., Splunk).
  • Perform filesystem timeline analysis for inclusion in forensic report.
  • Extract deleted data using data carving techniques.
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report.
  • Write forensic and malware analysis reports.
Find more jobs like this Jobs in the United States

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  7  0  0
Categories: Analyst Jobs Incident Response Jobs

Tags: Active Directory Azure Clearance Cloud EDR Exploits Forensics GCIA GCIH GSEC Incident response Linux MacOS Malware RSA SIEM Splunk Windows XDR

Region: North America
Country: United States

More jobs like this

« Back to job search To the top ↑

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

Senior Security Analyst jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Penetration Tester jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSystems Engineer jobsSystems Administrator jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsCloud Security Architect jobsIT Security Analyst jobsPrincipal Security Engineer jobsStaff Security Engineer jobsSecurity Operations Analyst jobsCybersecurity Specialist jobs
DevSecOps jobsKubernetes jobsEncryption jobsPowerShell jobsIDS jobsSplunk jobsSaaS jobsEDR jobsSDLC jobsIPS jobsRMF jobsSQL jobsTop Secret jobsIntrusion detection jobsBash jobsCompTIA jobsThreat detection jobsITIL jobsFinance jobsOWASP jobsDoDD 8570 jobsCRISC jobsDocker jobsActive Directory jobsBanking jobs
UNIX jobsTCP/IP jobsVPN jobsGIAC jobsTerraform jobsSANS jobsClearance Required jobsIT infrastructure jobsHIPAA jobsSOX jobsSOC 2 jobsOSCP jobsCISO jobsIndustrial jobsJavaScript jobsCCSP jobsData Analytics jobsDNS jobsSOAR jobsPolygraph jobsJira jobsAnsible jobsMITRE ATT&CK jobsCyber defense jobsGCIH jobs