Overview Host Based Cybersecurity Analyst, Level 3This project is supporting a U.S. Government customer to provide support for on-site incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Candidates will perform investigations to characterize of the severity of breaches, develop mitigation plans, and assist with the restoration of services. We are seeking a Host Based Cybersecurity Analyst to support this critical program.Security Clearance Requirements: This position requires all candidates to be U.S. Citizens and possess an active Top Secret/SCI Clearance. Candidate must be able to obtain a DHS suitability prior to starting on the program.Responsibilities Acquiring/collecting computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements Assessing evidentiary value by triaging electronic devices Correlating forensic findings with network events to further develop an intrusion narrative When available, collecting and documenting system state information (running processes, network connections, etc.) prior to imaging Performing incident triage from a forensic perspective to include determining scope, urgency and potential impact Tracking and documenting forensic analysis from initial involvement through final resolution Collecting, processing, preserving, analyzing and presenting computer related evidence Coordinating with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings Conducting analysis of forensic images and other available evidence and drafting forensic write-ups for inclusion in reports and other written products Assisting in documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies Assisting in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report Documenting original condition of digital and/or associated evidence by taking photographs and collecting hash information Assisting team members in imaging digital media Assisting in gathering, accessing, and assessing evidence from electronic devices using forensic tools and knowledge of operating systems Using hashing algorithms to validate forensic images Working with mentor to identify and understand adversary TTPs Assisting team members in analyzing the behaviors of malicious software Under direct guidance and coaching if needed, locating critical items in various file systems to aid more senior personnel in their analysis Performing analysis of log files from a variety of sources to identify possible threats to computer securityQualifications Required Education & Years of Experience BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree. Two years of related work experience may be substituted for each year of degree level education. Required Skills 5+ years of directly relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools Ability to create forensically sound duplicates of evidence (forensic images) Able to write cyber investigative reports documenting digital forensics findings Experience with the analysis and characterization of cyber attacks Experience with proper evidence handing procedures and chain of custody protocols Skilled in identifying different classes of attacks and attack stages Knowledge of system and application security threats and vulnerabilities Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources Must be able to work collaboratively across physical locations Desired Skills Experience with two or more of the following tools: EnCase FTK SIFT X-Ways Volatility WireShark Sleuth Kit/Autopsy GRR Experience with conducting all-source researchDesired Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSPWOOD is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.