Solutions3
Title:
Host Based Systems Analyst III
Description: Solutions³ LLC is supporting our prime contractor and their U.S. Government customer on a large mission-critical provide remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Personnel provide front line response for digital forensics/incident response (DFIR) and proactive hunting for malicious cyber activity. Solutions³ LLC is seeking
Host Forensics Analysts
to support this critical customer mission.
Eligibility:
Must be a US Citizen
Must have an active TS/SCI clearance
Must be able to obtain DHS Suitability prior to starting employment
5+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
Responsibilities Include:
Assists with leading and coordinating forensic teams in preliminary investigations
Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
Distills analytic findings into executive summaries and in-depth technical reports
Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
Evaluates, extracts and analyzes suspected malicious code
Acquires/collects computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
Triages electronic devices and assesses evidentiary value
Correlates forensic findings to network events in support of developing an intrusion narrative
Collects and documents system state information (e.g., running processes, network connections) prior to imaging, as required
Performs forensic triage of an incident to include determining scope, urgency and potential impact
Tracks and documents forensic analysis from initial participation through resolution
Collects, processes, preserves, analyzes and presents computer related evidence
Conducts analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products
Assists in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings
Required Skills:
Proficiency with two or more of the following tools:
EnCase
FTK
SIFT
X-Ways
Volatility
Wireshark
Sleuth Kit/Autopsy
Splunk
Snort
Other EDR tools (CrowdStrike, Carbon Black, etc.)
Proficiency conducting all-source research.
Desired Skills:
Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection.
Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats.
Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker).
Desired Certifications:
One or more of the following certifications: GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP
Required Education:
BS in Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 7+ years of host or digital forensics experience