Principal Network and Host Forensics and Incident Response Analyst (Principal Cyber Security Analyst)

North Las Vegas, NV, United States

Nevada National Security Sites


Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA).  Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site’s Cold War legacy.  Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air. (See NNSS.gov for our unique capabilities.) Our 2,750+ professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.  

  • MSTS offers our full-time employees highly competitive salaries and benefits packages including medical, dental, and vision; both a pension and a 401k; paid time off and 96 hours of paid holidays; relocation (if located more than 75 miles from work location); tuition assistance and reimbursement; and more.  
  • MSTS is a limited liability company consisting of Honeywell International Inc. (Honeywell), Jacobs Engineering Group Inc. (Jacobs), and HII Nuclear Inc.

MSTS is seeking a highly experienced cybersecurity professional who specializes in investigating and analyzing digital evidence across both network traffic and hosts to detect possible security breaches, malicious activity, and threats.

Key Responsibilities

  • Perform investigations into security incidents, coordinating with other cybersecurity teams to detect, respond to, contain, and remediate threats against IT assets.
  • Proactively search for potential threats across the network and host systems using advanced analysis techniques. 
  • Monitor intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) tools, endpoint security tools, email gateways, firewalls, network infrastructure, and other appliances for security issues. 
  • Create logical and physical forensic images of digital evidence via the network or directly from hosts. 
  • Analyze host-based indicators of compromise or network traffic and analyze additional log, forensic, malware, or other incident response related data, as needed. 
  • Seize digital evidence in support of investigations and conduct host-based and network-based forensic analysis of digital evidence. 
  • Create detailed reports of investigative activity for consumption by internal and external organizations such as Human Resources, the Legal Department, Information Security Officers, and local, state, and federal law enforcement. 
  • Conduct digital investigations involving breaches of Information Technology (IT) infrastructure, forensic investigations, legal and privacy issues requiring digital investigations, and network forensic investigations handling large scale, complex post-incident investigations, where techniques such as network forensics, malware reverse engineering, log analysis, timeline creation, and host-based forensics have been applied. 
  • Have a deep understanding of high-tech investigations, including the skills, techniques, and tools necessary for conducting live forensics on critical systems, and be able to produce detailed analysis of the root cause of any incident. 
  • Conduct detailed analysis of systems where breaches of critical IT infrastructure may have occurred and provide root cause analysis, impact assessments, and rapid response to aid detection of those responsible and make recommendations to assist in prevention of similar incidents. 
  • Have the ability to reverse engineer malware and other suspicious code and report the findings, and to focus on projects of substantial complexity and broad scope requiring interdisciplinary coordination. 
  • Leverage practical experience to independently perform host-based forensic investigations to establish user activity on systems. 
  • Independently plan, schedule, and direct projects that are guided by established objectives, budgets, and schedules. 
  • Assist in researching, compiling, and analyzing technical data. 
  • Be relied upon to multitask as required between responsibilities. 
  • Review Cyber Security threat information and assist with mitigating vulnerabilities that are identified. 
  • Develop standards, practices, and procedures, as well as increase technical knowledge to solve problems and complete projects. 
  • Contribute to an overall productive and respectful work environment by providing excellent customer service and work in a positive, collegial manner by maintaining cooperative and respectful working relationships with Cyber Security staff, other divisions, and customers. 
  • Perform related duties as assigned. 
  • Bachelor’s degree or equivalent training and experience in a computer-related field and at least 8 years of related experience. 
  • Strong systems administration experience with Windows and Linux. 
  • Strong network administration experience. 
  • A strong network and host forensics background. 
  • Demonstrate a thorough understanding of advanced principles, theories, standards, practices, and protocols of forensic hardware and software, as well as procedures used in Digital Forensics/Incident Response. 
  • An understanding of the Windows operating system and command line tools, network protocols, and TCP/IP fundamentals. 
  • An understanding of the Mac operating system and command line tools. 
  • An understanding of *nix operating systems and command line tools. 
  • Ability to conduct forensic analysis of mobile devices including Android, iOS, Blackberry, and other cellular and tablet devices. 
  • An understanding of file system forensics including HFS, NTFS, FAT, EXT, and CDFS. 
  • Ability to conduct forensic analysis on Windows XP, Vista, 7, 8, 10, and 11 file systems, Mac OS X, and various *nix platforms. 
  • Knowledge of network-based services and client/server applications, familiarity with intrusion detection systems, network architecture and security infrastructure placement. 
  • Knowledge of Cyber Security vulnerabilities, mitigation strategies, network architecture, and how to apply security controls. 
  • Ability to articulate highly technical processes and information to a non-technical audience. 
  • Ability to render credible testimony in a court of law. 
  • Experience working in computer forensics and other related fields with experience in support of conducting investigations relating to IT systems used in fraud, internal code of conduct violations, privacy, legal, and compliance related events. 
  • Experience with working with a broad variety of computer forensic hardware and software (preferably familiar with EnCase, FTK, and other forensic suites) and incident investigation tools and techniques. 
  • Ability to investigate large data compromise events in order to mitigate their risk, and to investigate insider threats and incidents. 
  • Knowledge of computer forensic best practices and industry standard methodologies for responding to network threats. 
  • Ability to conduct online investigations and gather intelligence. 
  • Ability to understand policies, procedures, laws, regulations, and other directives. 
  • Ability to maintain strict confidentiality. 
  • Ability to communicate effectively in English, both verbally and in writing, sufficiently to communicate with co-workers and customers, testify, write clear and concise reports, and gather and collect information. 
  • Ability to use multiple electronic devices including standard office machines, cellular phones, and security appliances. 
  • Ability to meet the physical requirements necessary to safely and effectively perform all assigned duties. 
  • Ability to pass a federal background investigation and obtain a “Q” clearance. 
  • Preferred Certifications:
    • AccessData Certified Examiner (ACE)
    • Certified Forensic Computer Examiner (CFCE)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Forensic Analyst (GCFA)
    • Certified Electronic Evidence Collection Specialist (CEECS)
    • Certified Computer Examiner (CCE)
    • EnCase Certified Examiner (EnCE) 
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Security Essentials (GSEC)
    • Certified Information Systems Security Professional (CISSP) 
  • The primary work location will be at the Losee Road facility in North Las Vegas, Nevada. Work at the National Security Site (located 65 miles northwest of Las Vegas, Nevada) may be required in support of these functions. 
  • Work schedule for this position will be 4/10's, Monday - Thursday (subject to change). 
  • Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing. 
  • Must possess a valid driver's license. 

MSTS is required by DOE directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct, or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment. In addition, applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship and being at least 18 years of age. Reference DOE Order 472.2, “Personnel Security”. If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

Department of Energy Q Clearance (position will be cleared to this level). Reviews and tests for the absence of any illegal drug as defined in 10 CFR Part 707.4, “Workplace Substance Abuse Programs at DOE Sites,” will be conducted.  Applicant selected will be subject to a Federal background investigation, required to participate in subsequent reinvestigations, and must meet the eligibility requirements for access to classified matter. Successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required. Reference 10 CFR Part 709, “Counterintelligence Evaluation Program.”

MSTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, veteran status or other characteristics protected by law. MSTS is a background screening, drug-free workplace.

Annual salary range for this position is: $116,001.60 - $176,904.00.

Starting salary is determined based on the position market value, the individual candidate education and experience and internal equity. 
