Host Based Systems Analyst

Metro Systems is seeking a cleared Host Based Systems Analyst for our Fortune 100 client located in Arlington, VA.

Overview:

• Acquiring/collecting computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements.
• Assessing evidentiary value by triaging electronic devices.
• Correlating forensic findings with network events to further develop an intrusion narrative.
• When available, collecting and documenting system state information (running processes, network connections, etc.) prior to imaging.
• Performing incident triage from a forensic perspective to include determining scope, urgency and potential impact.
• Tracking and documenting forensic analysis from initial involvement through final resolution.
• Collecting, processing, preserving, analyzing and presenting computer related evidence.
• Coordinating with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings.
• Conducting analysis of forensic images and other available evidence and drafting forensic write-ups for inclusion in reports and other written products.
• Assisting in documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies.
• Assisting in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report.
• Assisting team members in imaging digital media.
• Assisting in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems.
• Using hashing algorithms to validate forensic images.
• Under direct guidance and coaching if needed, locating critical items in various file systems to aid more senior personnel in their analysis.
• Performing analysis of log files from a variety of sources to identify possible threats to computer security.
• Using leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions.
• Determining programs that have been executed, finding files that have been changed on disk and in memory.

Qualifications:

• U.S. Citizenship.
• Must have an active Top Secret clearance
• Must be able to obtain DHS Suitability.
• 2+ years of directly relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools.
• Ability to create forensically sound duplicates of evidence (forensic images).
• Able to write cyber investigative reports documenting digital forensics findings.
• Experience with the analysis and characterization of cyber attacks.
• Experience with proper evidence handing procedures and chain of custody protocols.
• Skilled in identifying different classes of attacks and attack stages.
• Knowledge of system and application security threats and vulnerabilities.
• Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources.
• Must be able to work collaboratively across physical locations.
• BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree. High School Diploma and 4-6 years of host investigations experience may be substituted for the BS & 2-4 years of experience]

Desired:

• Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP
• Experience with two or more of the following tools:
  • EnCase
  • FTK
  • SIFT
  • X-Ways
  • Volatility
  • WireShark
  • Sleuth Kit/Autopsy
  • GRR
• Experience with conducting all-source research.