Malware and Forensic Analyst (Senior) Job at ClearanceJobs, Washington DC

  • ClearanceJobs
  • Washington DC

Job Description

Malware And Forensic Analyst (Senior)

cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. This position has remote capabilities. Required qualifications include:

  • 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS)
  • 5 years of experience utilizing the following forensics tools: Magnet AXIOM to acquire, analyze, and report on digital evidence; SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis; EnCase to collect, analyze, and report on digital evidence; Velociraptor to collect and analyze data from multiple endpoints; KAPE (Eric Zimmerman's tools) to collect and process files; SUMURI TALINO workstations/laptops; Cellebrite; Bi-Weekly Threat Assessment Reports (BTARs)

Must have ability to perform required forensics/malware analyst duties, including:

  • Creating duplicates of evidence in a way that ensures the original evidence is not unintentionally modified
  • Extracting deleted data using data carving techniques
  • Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)
  • Working 80% onsite (Monday through Thursday) at the AOUSC office in Washington, DC

Desired qualifications include:

  • One of the following certifications: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring (GMON), GIAC Defending Advanced Threats (GDAT), Splunk Core Power User, EnCase Certified Examiner, SANS GCFA, Volatility

Duties:

  • Provide digital forensics and incident response support to the AOUSC Security Operations Center (SOC)
  • Collect, analyze, and evaluate forensic artifacts associated with threat activity against Judiciary networks
  • Accept and respond to government technical requests received through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support during real-time incident response (IR)
  • Create duplicates of evidence in a way that ensures the original evidence is not unintentionally modified
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify its root cause
  • Perform live forensic analysis based on SIEM data (e.g., Splunk)
  • Perform filesystem timeline analysis for inclusion in the forensic report
  • Extract deleted data using data carving techniques
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOCs)
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility)

Deliverables:

  • Image Duplication: Duplication of evidence for processing by multiple analysts
  • Requests received via AOUSC ITSM (HEAT or ServiceNow)
  • Deleted Files: Deleted files supplied to the requestor
  • Advanced SME IR Reports: Timely advanced SME IR support for Priority 1 security events
  • SME actively participating in IR activities within 4 hours of request (7x24x365)
  • Incident Reports: All forensic reports include a timeline
  • Forensic Reports: Document the results of a forensic investigation
  • Malware Analysis Reports: Document the results of analyzing a specific malware specimen
  • Weekly Reports: Provide weekly reports to the AOUSC Program Manager documenting all activities, tasks, tickets, and documents worked on
  • Document repeatable Standard Operating Procedures (SOPs) and playbooks for security use cases

Job Tags

Work at office, Remote work,
