cFocus Software Incorporated
Malware and Forensic Analyst (Senior)
cFocus Software Incorporated, Washington, District of Columbia, us, 20022
Overview
cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. Required Qualifications
5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS). 5 years of experience utilizing the following forensics tools:
Magnet AXIOM to acquire, analyze, and report on digital evidence; SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis; Encase to collect, analyze, and report on digital evidence; Velociraptor to collect and analyze data from multiple endpoints; KAPE (Eric Zimmerman’s tools) to collect and process files; SUMURI TALINO Workstations/Laptops; Cellebrite; Bi-Weekly Threat Assessment Reports (BTARs).
Must have ability to perform required forensics/malware analyst duties, including:
Create duplicates of evidence that ensure the original evidence is not unintentionally modified; Extracting deleted data using data carving techniques; Performing static and dynamic malware analysis to discover indicators of compromise (IOCs).
Must be able to work 80% (Monday through Thursday) onsite at the AOUSC office in Washington, DC. Desired Qualifications
One of the following certifications:
GIAC Certified Intrusion Analyst (GCIA); GIAC Certified Incident Handler (GCIH); GIAC Continuous Monitoring (GMON); GIAC Defending Advanced Threats (GDAT); Splunk Core Power User; EnCase Certified Examiner; Sans GCFA; Volatility Certified.
Duties
Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing for informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government. Accept and respond to government technical requests through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for advanced SME technical investigative support for real-time incident response (IR). IR includes cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler). Create duplicates of evidence that ensure the original evidence is not unintentionally modified, as per AOUSC procedures and tools. Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause. Perform live forensic analysis based on SIEM data (e.g., Splunk). Perform filesystem timeline analysis for inclusion in forensic report. Extract deleted data using data carving techniques. Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Perform static and dynamic malware analysis to discover indicators of compromise (IOC). Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report. Additional forensics/malware analysis activities may include:
Identify cyber security threats and incidents with clear articulation of potential threats and actualized risks. Objectively measure reduction of adversary dwell time within judicial networks. Perform comprehensive analysis of security incidents for identification of root cause in support of detection improvements and risk mitigations.
Deliverables
Image Duplication: Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM (Heat or Service Now). Deleted Files: Deleted files supplied to the requestor. Advanced SME IR Reports: Timely Advanced SME IR support for Priority 1 security events. SME actively participating in IR activities within 4 hours of request (7x24x365). Incident Reports: All forensic reports include a timeline with network, endpoint, and application events (if available). The report contains all data required, is free from grammar, spelling, content errors, and submitted in the specified times stated in the deliverable section. Forensic Reports: Document the results of a forensic investigation. Report will include a table of contents, executive summary, timeline of events, and a conclusion. Malware Analysis Reports: Document the results of analyzing a specific malware specimen. Report shall include a table of contents, executive summary, technical details, indication of persistence mechanisms and a conclusion. Weekly Reports to the AOUSC Program Manager documenting all activities, tasks, tickets, and documents worked on. Document repeatable Standard Operating Procedures (SOPs) and playbooks for security use cases.
#J-18808-Ljbffr
cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. Required Qualifications
5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS). 5 years of experience utilizing the following forensics tools:
Magnet AXIOM to acquire, analyze, and report on digital evidence; SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis; Encase to collect, analyze, and report on digital evidence; Velociraptor to collect and analyze data from multiple endpoints; KAPE (Eric Zimmerman’s tools) to collect and process files; SUMURI TALINO Workstations/Laptops; Cellebrite; Bi-Weekly Threat Assessment Reports (BTARs).
Must have ability to perform required forensics/malware analyst duties, including:
Create duplicates of evidence that ensure the original evidence is not unintentionally modified; Extracting deleted data using data carving techniques; Performing static and dynamic malware analysis to discover indicators of compromise (IOCs).
Must be able to work 80% (Monday through Thursday) onsite at the AOUSC office in Washington, DC. Desired Qualifications
One of the following certifications:
GIAC Certified Intrusion Analyst (GCIA); GIAC Certified Incident Handler (GCIH); GIAC Continuous Monitoring (GMON); GIAC Defending Advanced Threats (GDAT); Splunk Core Power User; EnCase Certified Examiner; Sans GCFA; Volatility Certified.
Duties
Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing for informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government. Accept and respond to government technical requests through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for advanced SME technical investigative support for real-time incident response (IR). IR includes cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler). Create duplicates of evidence that ensure the original evidence is not unintentionally modified, as per AOUSC procedures and tools. Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause. Perform live forensic analysis based on SIEM data (e.g., Splunk). Perform filesystem timeline analysis for inclusion in forensic report. Extract deleted data using data carving techniques. Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Perform static and dynamic malware analysis to discover indicators of compromise (IOC). Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report. Additional forensics/malware analysis activities may include:
Identify cyber security threats and incidents with clear articulation of potential threats and actualized risks. Objectively measure reduction of adversary dwell time within judicial networks. Perform comprehensive analysis of security incidents for identification of root cause in support of detection improvements and risk mitigations.
Deliverables
Image Duplication: Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM (Heat or Service Now). Deleted Files: Deleted files supplied to the requestor. Advanced SME IR Reports: Timely Advanced SME IR support for Priority 1 security events. SME actively participating in IR activities within 4 hours of request (7x24x365). Incident Reports: All forensic reports include a timeline with network, endpoint, and application events (if available). The report contains all data required, is free from grammar, spelling, content errors, and submitted in the specified times stated in the deliverable section. Forensic Reports: Document the results of a forensic investigation. Report will include a table of contents, executive summary, timeline of events, and a conclusion. Malware Analysis Reports: Document the results of analyzing a specific malware specimen. Report shall include a table of contents, executive summary, technical details, indication of persistence mechanisms and a conclusion. Weekly Reports to the AOUSC Program Manager documenting all activities, tasks, tickets, and documents worked on. Document repeatable Standard Operating Procedures (SOPs) and playbooks for security use cases.
#J-18808-Ljbffr