Cloud Forensic Analyst IV
Nightwing · Arlington, VA · 2 mo ago
Information TechnologyFull-time
About the role
Nightwing supports a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services.
Responsibilities
- Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
- Triage electronic devices and assess evidentiary value
- Correlate forensic findings to network events in support of developing an intrusion narrative
- Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
- Perform forensic triage of an incident to include determining scope, urgency and potential impact
- Track and document forensic analysis from initial participation through resolution
- Collect, process, preserve, analyze and present computer related evidence
- Cook up with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
- Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
- Aid in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings
Requirements
- U.S. Citizenship
- Active TS/SCI clearance
- Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 10 years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
- In depth understanding of SaaS, PaaS and IaaS in the Cloud Environment
- Ability to create forensically sound duplicates of evidence (forensic images)
- Proficiency with analysis and characterization of cyber attacks
- Proficiency with proper evidence handling procedures and chain of custody protocols
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
- Action-oriented and have a proactive approach to problem solving
- Proficiency with common operating systems (e.g. Linux/Unix, Windows)
Desired Skills/CERTs/Education
- One or more of the following certifications: GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, AWS Practitioner, AWS Certified Developer, AWS Certified SysOps Administrator, AWS Certified Architect, Kubernetes Security Specialist
- MS-500: Microsoft 365 Security Administration
- AZ-900:Azure Fundamentals
- AZ-500: Azure Security Technologies
- AZ-303: Azure Architect Technologies
- AZ-304: Azure Architect Design
- MS-100: Microsoft 365 Identity and Services
- MS-101: Microsoft 365 Mobility and Security
- AZ-104: Azure Administrator SANS SEC 510, Public Cloud Security: AWS, Azure, and GCPSANS FOR509: Enterprise Cloud Forensics and Incident Response (BETA)
- SEC 541: Cloud Monitoring and Threat Detection
- SEC584: Cloud Native Security: Defending Containers and Kubernetes
- SEC588: Cloud Penetration testing
- AWS Certified Cloud Practitioner
- AWS Certified SysOps Administrator Associate or AWS Certified Developer Associate or AWS Certified Solutions Architect Associate
- AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional