The DHS Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response to cyber incidents and proactively hunts for malicious cyber activity. HIRT performs investigations to develop a preliminary diagnosis of the severity of a breach, and provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide front-line digital forensics and incident response (DFIR) and proactively hunt for malicious cyber activity.
Responsibilities:
– Assisting Federal leads in overseeing and leading forensic teams at onsite engagements and coordinating evidence collection operations
– Providing technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary
– Writing in-depth reports, supporting peer reviews, and providing quality assurance reviews for junior personnel
– Supporting forensic analysis and mentoring/guiding others on data collection, analysis, and reporting in support of onsite engagements
– Assisting with leading and coordinating forensic teams in preliminary investigation
– Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence
– Distilling analytic findings into executive summaries and in-depth technical reports
– Serving as technical forensics liaison to stakeholders and explaining investigation details, including forensic methodologies and protocols
– Tracking and documenting on-site incident response activities and providing updates to leadership throughout the engagement
– Evaluating, extracting, and analyzing suspected malicious code
Host-Based Systems Analyst IV – 10+ years of network investigations experience.
Required Skills:
– U.S. Citizenship
– Must have an active TS/SCI clearance
– Must be able to obtain DHS Suitability
– Directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
– Ability to create forensically sound duplicates of evidence (forensic images)
– Ability to write cyber investigative reports documenting digital forensics findings
– Experience with the analysis and characterization of cyber attacks
– Experience with proper evidence handling procedures and chain of custody protocols
– Skilled in identifying different classes of attacks and attack stages
– Knowledge of system and application security threats and vulnerabilities
– Knowledge of proactive analysis of systems and networks, including establishing trust levels for critical resources
– Must be able to work collaboratively across physical locations
Desired Skills:
– Experience with or knowledge of two or more of the following tools:
  – EnCase
  – FTK
  – SIFT
  – X-Ways
  – Volatility
  – Wireshark
  – Sleuth Kit/Autopsy
  – Splunk
  – Snort
  – Other EDR tools (CrowdStrike, Carbon Black, etc.)
– Proficiency in conducting all-source research
Required Education:
BS in Computer Science, Cybersecurity, Computer Engineering, or a related degree; or HS Diploma and host-based or digital forensics experience
Desired Certifications:
– GCFA, GCFE, EnCE, CCE, CFCE, CISSP