Jobs via Dice
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Electronic Consulting Services, Inc (ECS Federal), is seeking the following. Apply via Dice today!
Job Description

ECS is seeking a Cyber Defense Forensics Analyst Sr. to work in our Washington, DC office.

Please Note: This position is contingent upon additional funding.
Responsibilities:
- Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
- Perform hypothesis-based or intelligence-based cyber threat hunts to identify threats and risks within environments.
- Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
- Use Agile methodology to organize intelligence, hunts, and project status.
- Independently research intelligence reports to find actionable data for conducting intelligence- or hypothesis-based hunts.
- Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
- Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
- Confirm what is known about an intrusion and discover new information, if possible, after identifying the intrusion via dynamic analysis.
- Create a forensically sound duplicate of the evidence (i.e., a forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes.
- Provide a technical summary of findings in accordance with established reporting procedures.
- Ensure that chain of custody is followed for all digital media acquired, in accordance with the Federal Rules of Evidence.
- Recognize and accurately report forensic artifacts indicative of a particular operating system.
- Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Salary Range: $107,000 - $120,500
Required Skills
- Strong written and verbal communication skills.
- Create detections and automation to detect, contain, eradicate, and recover from security threats.
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks, and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
- Conduct proactive hunts through enterprise networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Advanced knowledge of TCP/IP networking and network services such as DNS, SMTP, DHCP, etc.
- Solid understanding of attacker tradecraft associated with email, app-based, and cloud threats, and the ability to apply defensive tactics to protect against those threats.
- Advanced knowledge of operating system internals and OS security mitigations, and an understanding of security challenges on Windows, Linux, Mac, Android, and iOS platforms.
- Experience using forensic tools (e.g., EnCase, Sleuthkit, FTK).
- Ability to perform deep analysis of captured malicious code (e.g., malware forensics).
- Skill in classifying anomalous code as malicious or benign.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.
Certifications/Licenses:
- Bachelor's degree or higher.
- 10+ years performing cyber threat hunting and forensics support for incident response.
- Certifications addressing: identification of malicious system and user activity; incident response in an enterprise environment; timeline artifact analysis, timeline collection, and timeline processing; volatile data collection; analysis and profiling of systems and devices; analysis of file and program activity; acquisition, preparation, and preservation of digital evidence; analysis of user communications; advanced IDS concepts; application protocols; concepts of TCP/IP and the link layer; DNS; fragmentation; IDS fundamentals and initial deployment (e.g., Snort, Bro); IDS rules (e.g., Snort, Bro); IPv6; network architecture and event correlation; network traffic analysis and forensics; or packet engineering.
- Active Top Secret/SCI clearance.
- 5+ years of experience in digital forensics, incident response, and threat hunt activities.
- Core competencies in Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis.
- Requires a Cyber Defense Forensics Analyst Lead with Top Secret/Final with SCI crossover-eligible clearance. All access to classified information will be within government-controlled secure facilities.
Desired Skills
- Proficiency with at least one of Python, PowerShell, or bash.
- Proficiency in the query languages used in popular SIEM products (Splunk, Sentinel).
- Experience producing finished intelligence content on threat actors and attacker techniques, including written reports, presentations, and visuals covering attribution, threat detection and hunting guidance, and remediation recommendations.
- Experience conducting non-attributable research and research using the deep web.
- Preserve evidence integrity according to standard operating procedures or national standards.
- Ability to analyze memory dumps to extract information.
- Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other, Information Technology, and Management
Industries: Software Development