Jobs · Information Technology · Virginia

Cloud Forensic Analyst IV

Nightwing · Arlington, VA · 2 mo ago
Information TechnologyFull-time

About the role

Nightwing supports a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services.

Responsibilities

  • Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
  • Triage electronic devices and assess evidentiary value
  • Correlate forensic findings to network events in support of developing an intrusion narrative
  • Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
  • Perform forensic triage of an incident to include determining scope, urgency and potential impact
  • Track and document forensic analysis from initial participation through resolution
  • Collect, process, preserve, analyze and present computer related evidence
  • Cook up with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
  • Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
  • Aid in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings

Requirements

  • U.S. Citizenship
  • Active TS/SCI clearance
  • Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
  • 10 years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
  • In depth understanding of SaaS, PaaS and IaaS in the Cloud Environment
  • Ability to create forensically sound duplicates of evidence (forensic images)
  • Proficiency with analysis and characterization of cyber attacks
  • Proficiency with proper evidence handling procedures and chain of custody protocols
  • Skilled in identifying different classes of attacks and attack stages
  • Understanding of system and application security threats and vulnerabilities
  • Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
  • Action-oriented and have a proactive approach to problem solving
  • Proficiency with common operating systems (e.g. Linux/Unix, Windows)

Desired Skills/CERTs/Education

  • One or more of the following certifications: GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, AWS Practitioner, AWS Certified Developer, AWS Certified SysOps Administrator, AWS Certified Architect, Kubernetes Security Specialist
  • MS-500: Microsoft 365 Security Administration
  • AZ-900:Azure Fundamentals
  • AZ-500: Azure Security Technologies
  • AZ-303: Azure Architect Technologies
  • AZ-304: Azure Architect Design
  • MS-100: Microsoft 365 Identity and Services
  • MS-101: Microsoft 365 Mobility and Security
  • AZ-104: Azure Administrator SANS SEC 510, Public Cloud Security: AWS, Azure, and GCPSANS FOR509: Enterprise Cloud Forensics and Incident Response (BETA)
  • SEC 541: Cloud Monitoring and Threat Detection
  • SEC584: Cloud Native Security: Defending Containers and Kubernetes
  • SEC588: Cloud Penetration testing
  • AWS Certified Cloud Practitioner
  • AWS Certified SysOps Administrator Associate or AWS Certified Developer Associate or AWS Certified Solutions Architect Associate
  • AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional

Similar jobs

Cloud Engineer IV

Boston Children's HospitalBoston, MA· 2 wk ago
Information Technology$133k–$212k/yrapply on bostonchildrenshospital.contacthr.com