Host Based Systems Analyst

  • Metro Systems Inc
  • Arlington, Virginia
  • Jan 13, 2021
Full time Host/Hostess

Job Description

Metro Systems is seeking a cleared Host Based Systems Analyst for our Fortune 100 client located in Arlington, VA.

Overview:

  • Acquiring/collecting computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements.
  • Assessing evidentiary value by triaging electronic devices.
  • Correlating forensic findings with network events to further develop an intrusion narrative.
  • When available, collecting and documenting system state information (running processes, network connections, etc.) prior to imaging.
  • Performing incident triage from a forensic perspective to include determining scope, urgency and potential impact.
  • Tracking and documenting forensic analysis from initial involvement through final resolution.
  • Collecting, processing, preserving, analyzing and presenting computer related evidence.
  • Coordinating with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings.
  • Conducting analysis of forensic images and other available evidence and drafting forensic write-ups for inclusion in reports and other written products.
  • Assisting in documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies.
  • Assisting in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report.
  • Assisting team members in imaging digital media.
  • Assisting in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems.
  • Using hashing algorithms to validate forensic images.
  • Under direct guidance and coaching if needed, locating critical items in various file systems to aid more senior personnel in their analysis.
  • Performing analysis of log files from a variety of sources to identify possible threats to computer security.
  • Using leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions.
  • Determining programs that have been executed, finding files that have been changed on disk and in memory.

Qualifications:

  • U.S. Citizenship.
  • Must have an active Top Secret clearance
  • Must be able to obtain DHS Suitability.
  • 2+ years of directly relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools.
  • Ability to create forensically sound duplicates of evidence (forensic images).
  • Able to write cyber investigative reports documenting digital forensics findings.
  • Experience with the analysis and characterization of cyber attacks.
  • Experience with proper evidence handing procedures and chain of custody protocols.
  • Skilled in identifying different classes of attacks and attack stages.
  • Knowledge of system and application security threats and vulnerabilities.
  • Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources.
  • Must be able to work collaboratively across physical locations.
  • BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree. High School Diploma and 4-6 years of host investigations experience may be substituted for the BS & 2-4 years of experience]

Desired:

  • Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP
  • Experience with two or more of the following tools:
    • EnCase
    • FTK
    • SIFT
    • X-Ways
    • Volatility
    • WireShark
    • Sleuth Kit/Autopsy
    • GRR
  • Experience with conducting all-source research.
- provided by Dice