cFocus Software Incorporated
Malware and Forensic Analyst (Senior)
cFocus Software Incorporated, Washington, District of Columbia, us, 20022
Overview
cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. Required Qualifications include: 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes
of operating systems (e.g.,
Windows, Linux, and macOS ) 5 years of experience utilizing the following forensics tools :
Magnet AXIOM
to acquire, analyze, and report on digital evidence SANS SIFT Workstation
for disk/memory analysis, network forensics, and malware analysis Encase
to collect, analyze, and report on digital evidence Velociraptor
to collect and analyze data from multiple endpoints KAPE (Eric Zimmerman’s tools)
to collect and process files SUMURI TALINO Workstations/Laptops Cellebrite Bi-Weekly Threat Assessment Reports (BTARs)
Ability to perform required forensics/malware analyst duties, including :
Create duplicates of evidence
that ensure the original evidence is not unintentionally modified Extracting deleted data
using data carving techniques Performing static and dynamic malware analysis
to discover indicators of compromise (IOCs)
On-site work : Must be able to work 80% (Monday through Thursday) onsite at the AOUSC office in Washington, DC Certifications
Required Qualifications include:
One of the following certifications: GIAC Certified Intrusion Analyst (GCIA) GIAC Certified Incident Handler (GCIH) GIAC Continuous Monitoring (GMON) GIAC Defending Advanced Threats (GDAT) Splunk Core Power User (must obtain within 90 days of starting) EnCase Certified Examiner Sans GCFA Volatility Certified Duties
Provides digital forensics and incident response support to AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government. Accept and respond to government technical requests through the AOUSC ITSM ticket system (e.g., HEAT or Service Now) for advanced SME technical investigative support for real-time incident response (IR), including cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler). Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence. Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover intrusion elements and identify root cause. Perform live forensic analysis based on SIEM data (e.g., Splunk). Conduct Splunk log analysis. Perform filesystem timeline analysis for inclusion in forensic report. Extract deleted data using data carving techniques. Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Perform static and dynamic malware analysis to discover indicators of compromise (IOC). Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility). Document analysis results in forensics reports. Additional forensics/malware analysis activities may include: prioritizing threat identification, reducing adversary dwell time, and supporting detection improvements and risk mitigations. Deliverables
Image Duplication : Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM Deleted Files : Deleted files supplied to requestor Advanced SME IR Reports : Timely Advanced SME IR support for Priority 1 security events (SME actively participating in IR activities within 4 hours of request, 7x24x365) Incident Reports : Forensic reports include a timeline with network, endpoint, and application events as available; reports are accurate and submitted within stated deliverable timelines Forensic Reports : Document the results of a forensic investigation with table of contents, executive summary, timeline, and conclusion Malware Analysis Reports : Document results of analyzing a malware specimen with contents including executive summary, technical details, persistence mechanisms, and conclusion All activities, tasks, tickets, and documents are tracked in JIRA Document repeatable Standard Operating Procedures (SOPs) and playbooks for security use cases Seniority level
Mid-Senior level Employment type
Full-time Job function
Security, Digital Forensics, and Incident Response Note: This description reflects the responsibilities and requirements of the Malware and Forensic Analyst (Senior) role as described by cFocus Software and is intended to inform applicants of the qualifications and duties. This posting does not include external referrals or non-essential notices.
#J-18808-Ljbffr
cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. Required Qualifications include: 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes
of operating systems (e.g.,
Windows, Linux, and macOS ) 5 years of experience utilizing the following forensics tools :
Magnet AXIOM
to acquire, analyze, and report on digital evidence SANS SIFT Workstation
for disk/memory analysis, network forensics, and malware analysis Encase
to collect, analyze, and report on digital evidence Velociraptor
to collect and analyze data from multiple endpoints KAPE (Eric Zimmerman’s tools)
to collect and process files SUMURI TALINO Workstations/Laptops Cellebrite Bi-Weekly Threat Assessment Reports (BTARs)
Ability to perform required forensics/malware analyst duties, including :
Create duplicates of evidence
that ensure the original evidence is not unintentionally modified Extracting deleted data
using data carving techniques Performing static and dynamic malware analysis
to discover indicators of compromise (IOCs)
On-site work : Must be able to work 80% (Monday through Thursday) onsite at the AOUSC office in Washington, DC Certifications
Required Qualifications include:
One of the following certifications: GIAC Certified Intrusion Analyst (GCIA) GIAC Certified Incident Handler (GCIH) GIAC Continuous Monitoring (GMON) GIAC Defending Advanced Threats (GDAT) Splunk Core Power User (must obtain within 90 days of starting) EnCase Certified Examiner Sans GCFA Volatility Certified Duties
Provides digital forensics and incident response support to AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government. Accept and respond to government technical requests through the AOUSC ITSM ticket system (e.g., HEAT or Service Now) for advanced SME technical investigative support for real-time incident response (IR), including cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler). Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence. Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover intrusion elements and identify root cause. Perform live forensic analysis based on SIEM data (e.g., Splunk). Conduct Splunk log analysis. Perform filesystem timeline analysis for inclusion in forensic report. Extract deleted data using data carving techniques. Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Perform static and dynamic malware analysis to discover indicators of compromise (IOC). Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility). Document analysis results in forensics reports. Additional forensics/malware analysis activities may include: prioritizing threat identification, reducing adversary dwell time, and supporting detection improvements and risk mitigations. Deliverables
Image Duplication : Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM Deleted Files : Deleted files supplied to requestor Advanced SME IR Reports : Timely Advanced SME IR support for Priority 1 security events (SME actively participating in IR activities within 4 hours of request, 7x24x365) Incident Reports : Forensic reports include a timeline with network, endpoint, and application events as available; reports are accurate and submitted within stated deliverable timelines Forensic Reports : Document the results of a forensic investigation with table of contents, executive summary, timeline, and conclusion Malware Analysis Reports : Document results of analyzing a malware specimen with contents including executive summary, technical details, persistence mechanisms, and conclusion All activities, tasks, tickets, and documents are tracked in JIRA Document repeatable Standard Operating Procedures (SOPs) and playbooks for security use cases Seniority level
Mid-Senior level Employment type
Full-time Job function
Security, Digital Forensics, and Incident Response Note: This description reflects the responsibilities and requirements of the Malware and Forensic Analyst (Senior) role as described by cFocus Software and is intended to inform applicants of the qualifications and duties. This posting does not include external referrals or non-essential notices.
#J-18808-Ljbffr