Cyber Security - Digital Forensic Incident Response (DFIR) Analyst

Job Location: Alexander City - USA

Salary: Not Disclosed

Job Description

Digital Forensic Incident Response (DFIR) Analyst

Onsite/Remote: Onsite

Location: Washington DC (need locals)

Visa: USC only (Active TS Top Secret Clearance with eligibility to obtain SCI and pass CI Poly)

Interview: Phone or video call; then in-person

Interview travel reimbursement: NO

Ideal Skillset years of experience

Skillset

Actual Candidate skills years of exp

Required

Lives within commutable distance from Wash DC

Required

US Citizen

Required

Active TS Top Secret Clearance with eligibility to obtain SCI and pass CI Poly

5 years

Experience as mid-level Digital Forensic Incident Response (DFIR) Analyst or directly related

Optional/Preferred

Experience working with either Federal Civilian, DoD and U.S. Intelligence Communities.

5 years

Experience working for a cyber intelligence-driven firm or initiative

5 years

Crisis management, incident response, strategic communications and/or risk management

5 years

Supporting the facilitation of trainings or briefing sessions and ability to leverage available learning resources both internal and external

5 years

Adept knowledge of cybersecurity and incident response principles, crisis management and emergency management principles

5 years

Usage of Microsoft Office products

5 years

Work within a highly collaborative, fast-paced, dynamic environment

5 years

Strong IR and Digital forensics experience and cloud experience are preferred

Required

Monitor network activity, document and report on information security issues and emerging trends

Required

Provide threat and vulnerability analysis

Monitor endpoint protection/detection for anomalies using designated escalation paths for remediation

Required

Review and monitor Security Information and Event Management (SIEM) log data for unauthorized access and initiate investigations if necessary

Required

Perform malware threat hunting using industry-leading products and applications

Required

Participate in developing security strategies

Required

Perform against established operational rhythm expectations and standards for the Security Operations Center (SOC) DFIR line of effort

Required

Perform advanced incident handling responsibilities with a direct interface with the ESOC management team

Required

Identify areas of improvement for SOC processes and tools to enhance the mission

Required

Excellent verbal and written communication skills

Required

Excellent interpersonal skills including client management skills

Required

Must have English Native or bilingual proficiency

Required

Minimum education: Bachelor's degree

Executive Summary:

Mid-level Digital Forensic Incident Response (DFIR) Analyst to support an exciting information operation, intelligence analysis and cybersecurity requirement.

Position Description: The DFIR Analyst is responsible for preventing the escalation of severe security threats and providing reports to the security team. This position utilizes tools to minimize the effects of a security breach on the computer network and performs an analysis to ensure that computer networks are clear of threats.

Roles and Responsibilities:

  • Conduct a full range of advanced professional duties required to monitor network activity, document and report on information security issues and emerging trends
  • Provide threat and vulnerability analysis
  • Monitor endpoint protection/detection for anomalies using designated escalation paths for remediation
  • Review and monitor Security Information and Event Management (SIEM) log data for unauthorized access and initiate investigations if necessary
  • Perform malware threat hunting using industry-leading products and applications
  • Participate in developing security strategies

In addition, the DFIR Analyst shall:

  • Perform against established operational rhythm expectations and standards for the Security Operations Center (SOC) DFIR line of effort
  • Be part of the 24x7 operations of the FBI ESOC
  • Perform advanced incident handling responsibilities with a direct interface with the ESOC management team
  • Identify areas of improvement for SOC processes and tools to enhance the mission

Additional Qualifications:

The ideal candidate will have experience with four or more of the items below:

  • Splunk Search Processing Language (SPL)
  • Microsoft Defender for Endpoint (MDE)
  • Microsoft Azure Sentinel
  • Kusto Query Language (KQL)
  • Linux Bash
  • PowerShell/CMD
  • Networking: intermediate-level knowledge of computer networking
  • Type 2 Hypervisor software such as VMware Workstation Pro, VirtualBox, Hyper-V
  • Comfortable using various distributions of Linux.

Employment Type

Full Time
