Forensics Analyst/Host Based Systems Analyst III (TS/SCI Required)

  • ManTech International
  • Arlington, Virginia
  • Feb 08, 2021
Full time Host/Hostess

Job Description

Secure our Nation, Ignite your FutureBecome an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you'll help protect our national security while working on innovative projects that offer opportunities for advancement.Currently, ManTech is seeking a motivated, career and customer-oriented Forensics Analyst/Host Based Systems Analyst III to join our team at the DHS Facility.Responsibilities include, but are not limited to:Provide Host-based Systems Support for Cybersecurity to include:a) Perform forensic analysis on all common operating system environments, to include, but not limited to, Microsoft Windows, Mac OS, UNIX, Linux, Solaris, as well as embedded systems.b) Perform ad-hoc data analysis to include but not limited to, on-the-fly onsite data integration and scripting (e.g., analyzing multiple log types for a new indicator, comparing aggregated logs to local machine logs).c) Monitor open source channels (e.g., vendor sites, Computer Emergency Response Teams (CERTs), SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.d) Analyze digital media (e.g., logs, code, phones, hard drives, memory dumps, etc.) to determine attack vectors and develop mitigation techniques.e) Ability to conduct memory forensics in large networks and being able to carve memory and conduct analysis to find malicious activity only resident in memory.f) Receive and analyze alerts from various sources within the enterprise and determine possible causes of such alerts.g) Track and document Computer Network Defense (CND) hunts and incidents from initial detection through final resolution.h) Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.i) Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.j) Perform real-time CND hunt and incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable hunt and incident response teams.k) Develop and disseminate engagement reports, technical reports and briefs based on analytic findings.l) Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.m) Maintain readiness to divert and deploy teams of contract resources to provide on-site support and assistance in the event of an exercise or cyber incident.n) Identify and document tactics, techniques and procedures used by an attacker to gain unauthorized access.o) Assist in development of procedures and processes to analyze and categorize digital media.p) Follow industry standard forensic best practices while imaging, preserving, transporting and handling electronic data and associated physical devices.q) Participate in inter-agency sponsored community of interest analysis groups, conduct and participate in technical briefings and exchanges.r) Develop tips, indicators, warnings and actionable information.s) Support the development and evaluation of performance metrics.t) Assist with preservation and duplication of original media obtained from the Government's (e.g., NCCIC, HIRT, NCATS) customers.u) Assist with maintaining the readiness of all fly-away kits, storage media and forensic VM analyst images.v) Develop new processes, procedures and analytic methods.w) Develop mitigation recommendations and methods.Basic Qualifications:Use leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusionsFollow proper evidence handling procedures and chain of custody protocolsProduce written reports documenting digital forensic findingsDetermine programs that have been executed, find files that have been changed on disk and in memoryUse timestamps and logs (host and network) to develop authoritative timelines of activityFind evidence of deleted files and hidden dataIdentify and document case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)Create forensically sound duplicates of evidence (forensic image) to use for data recovery and analysisPerform all-source research for similar or related network events or incidentsSkill in identifying different classes of attacks and attack stagesKnowledge of system and application security threats and vulnerabilitiesKnowledge in proactive analysis of systems and networks, to include creating trust levels of critical resourcesPreferred Qualifications:Level I(Minimum 3 years host-based investigations or digital forensics experience with a High school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with a minimum 1 year of host-based investigations or digital forensics experience)Proficiency at Level I includes all basic qualifications mentioned above in addition to the following:Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic reportDocument original condition of digital and/or associated evidence by taking photographs and collecting hash informationAssist team members in imaging digital mediaAssist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systemsUse hashing algorithms to validate forensic imagesWork with mentor to identify and understand adversary TTPsAssist team members in analyzing the behaviors of malicious softwareUnder direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysisPerform analysis of log files from a variety of sources to identify possible threats to computer securityLevel II(4-6 years host investigations or digital forensics experience with a High school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 2-4 years of host-based investigations or digital forensics experience)Proficiency at Level II includes all skills defined at Level I in addition to the following:Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagementsAssess evidentiary value by triaging electronic devicesCorrelate forensic findings with network events to further develop an intrusion narrativeWhen available, collect and document system state information (running processes, network connections, etc.) prior to imagingPerform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.Track and document forensic analysis from initial involvement through final resolutionCollect, process, preserve, analyze and present computer related evidenceCoordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findingsConduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written productsAssist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituenciesLevel III(7-9 years host investigations or digital forensics experience with a High school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience)Proficiency Level III includes all skills defined at Level II in addition to the following:Assist with leading and coordinating forensic teams in preliminary investigationPlan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidenceDistill analytic findings into executive summaries and in-depth technical reportsServe as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocolsTrack and document on-site incident response activities and provide updates to leadership throughout the engagementEvaluate, extract and analyze suspected malicious codeSecurity Clearance Requirements:TS/SCIPhysical Requirements:Office work, typically sedentary with some movement around the office.ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at . ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies..... click apply for full job details