Host Forensics Analyst

Arlington, VA

Job Type: Full-Time

Workplace Type: Onsite

Clearance: TS/SCI and able to obtain DHS Suitability

Must be a U.S. Citizen

Benefits: Medical, dental, and vision coverage, 401k matching, generous PTO, paid holidays, professional training opportunities, and even pet insurance to ensure your furry friends are cared for too.

Job Summary

The DHS’s Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactively hunts for malicious cyber activity. Castalia Systems performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches. Castalia provides HIRT with remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity. Castalia is seeking Host Forensics Analysts to support this critical customer mission.

Roles and Responsibilities

A qualified candidate will perform duties and responsibilities including, but not limited to, the following:

  • Assisting Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating data collection/acquisition operations.
  • Providing technical assistance on data collection techniques and forensic investigative techniques to appropriate personnel when necessary.
  • Writing in-depth reports, supporting peer reviews and providing quality assurance reviews for junior personnel.
  • Supporting forensic analysis and mentoring/providing guidance to others on data collection, analysis and reporting in support of onsite engagements.
  • Assisting with leading and coordinating forensic teams in preliminary investigation.
  • Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer systems and digital artifacts.
  • Distilling analytic findings into executive summaries and in-depth technical reports.
  • Serving as technical forensics liaison to stakeholders and explaining investigation details to include forensic methodologies and protocols.
  • Tracking and documenting on-site incident response activities and providing updates to leadership throughout the engagement.
  • Traveling to incident response locations in the United States, Territories & Possessions.
  • Evaluating, extracting and analyzing suspected malicious code.

Knowledge and Skills

  • 8+ years of directly relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools.
  • Ability to create forensically sound duplicates of computer systems (forensic images).
  • Able to write cyber investigative reports documenting digital forensics findings.
  • Experience with the analysis and characterization of cyber attacks.
  • Experience with proper digital asset collection and preservation procedures and chain of custody protocols.
  • Skilled in identifying different classes of attacks and attack stages.
  • Knowledge of system and application security threats and vulnerabilities.
  • Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources.
  • Must be able to work collaboratively across physical locations.

Desired Skills:

  • Experience with or knowledge of two or more of the following tools:
    • EnCase
    • SIFT
    • X-Ways
    • Volatility
    • Wireshark
    • Sleuth Kit/Autopsy
    • Magnet Axiom Cyber
    • Snort
    • Splunk or other SIEM tools (ArcSight, LogRhythm, Elastic, etc.)
    • Other EDR tools (CrowdStrike, MDE, Trellix, etc.)
  • Proficiency with conducting all-source research.

Education

  • BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics experience.

Desired Certifications:

  • GCFA, GCFE, EnCE, CCE, CFCE, CISSP

Physical Requirements/Work Environment

  • Typical office environment

Travel

  • Not required

Company Description

Castalia Systems is a proven business partner providing mission critical solutions to the Federal Government. We provide cutting edge solutions from Securing and Managing Data to Systems Engineering and Development. Castalia Systems is a pioneer in Artificial Intelligence Design and Application.

With our vast knowledge of our customers' needs and relevant technology, our team is able to bring successful solutions to every mission. We are one-upping our competitors by providing premium IT solutions and platforms built on cutting-edge technology, which is evident when you compare us with anyone.

Disclaimer

Castalia Systems is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin, or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.


Tags: Application security ArcSight Artificial Intelligence Autopsy CFCE CISSP Clearance Computer Science CrowdStrike DFIR EDR EnCase EnCE Forensics GCFA GCFE Incident response SIEM Sleuth Kit Snort Splunk TS/SCI Vulnerabilities

Perks/benefits: Career development Health care Insurance

Region: North America
Country: United States
