Gray Tier Technologies is looking for a Host Based Systems Analyst to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation's cyber and communications infrastructure while providing front-line response for cyber incidents and hunting for malicious cyber activity. Our team performs HIRT investigations to develop a diagnosis of the severity of breaches. Contract personnel provide a front-line response for digital forensics/incident response and proactively hunt for malicious cyber activity for this critical customer mission.
Core Competencies:
- Uses leading-edge technology and industry-standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
- Follows proper evidence handling procedures and chain of custody protocols
- Produces written reports documenting digital forensic findings
- Determines which programs have been executed and finds files that have been changed on disk and in memory
- Uses timestamps and logs (host and network) to develop authoritative timelines of activity
- Finds evidence of deleted files and hidden data
- Identifies and documents case-relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
- Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
- Performs all-source research for similar or related network events or incidents
- Skill in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources
Requirements:
- 7-9 years of host investigations or digital forensics experience with a high school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, with 5-7 years of host-based investigations or digital forensics experience
- Proficiency level III includes all skills defined at level II in addition to the following:
- Assists with leading and coordinating forensic teams in preliminary investigation
- Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
- Distills analytic findings into executive summaries and in-depth technical reports
- Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
- Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
- Evaluates, extracts and analyzes suspected malicious code