Provides expert level consultation and technical services on all aspects of Information Security. Manages large-scale programs of national or international scope. Maintains senior affiliations with national and international organizations associated with information security.
Cyber Security supports in-depth analysis of email, web usage and messaging for nefarious activity, suspected malicious code, and infected systems and network devices; performs the inspection and analysis needed to understand system user activities, the behavior of the software and the root cause of its presence; and reports the findings.

Duties/Tasks and Responsibilities:

The Contractor shall establish and enhance the capability to conduct forensic analysis support, including the exploitation of standard and non-standard operating systems, the forensic investigation of special client cases, and the forensic analysis of customer systems. The Contractor shall analyze real or suspected malicious code using both behavioral and code analysis and provide a report and recommendation on actions to take to defend against the threat or issue. The Contractor shall leverage custom, commercial, academic, customer's partners', and any other tool variants necessary to perform forensic analysis. This work includes, but is not limited to:
- Data identification, reduction, and analysis to detect suspicious data types, client tools, modified software and/or other malicious content.
- Data extraction from various data sources including files, directories, unallocated space, raw images, and custom databases (including parsing of the data types necessary to extract metadata and content of forensic value).
- Data analysis (forensic and investigative) of raw and extracted data, including processing and interpretation of volatile memory captures and captured images of various electronic devices.
- System kernel-level processing to detect and report on significant kernel events such as rootkits and kernel-level customer tools and communications.
- Red teaming (e.g. forensic IV&V) to enhance client capabilities through extensive knowledge gained through the detection and analysis of known content.
- Induction, cataloging, and disposition of evidence.
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and 12 to 15 years of related experience. A master's degree or doctorate in mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.
1. Demonstrated on-the-job experience in computer forensic analysis.
2. A minimum of 10 years of demonstrated on-the-job IT experience is required, with at least 2 years of that experience in first-tier computer intrusion investigation and analysis, vulnerability analysis, or computer forensic analysis.
3. Demonstrated on-the-job experience with one or more computer forensic suites (for example EnCase, FTK, X-Ways) is required.
4. Demonstrated on-the-job experience with networking concepts (TCP/IP, HTTP, HTTPS, FTP, RPC, SNMP, DNS, etc.) and proficiency with network traffic analysis tools are required.
A TS/SCI w/Poly clearance is required.
1. Demonstrated 2 years' experience working for the client or the customer's partners.
2. Demonstrated on-the-job experience with databases such as Postgres, MySQL, and SQLite is preferred.
3. Demonstrated on-the-job programming experience with scripting languages such as Perl, Python, Bash, etc., is preferred.
4. Demonstrated hands-on experience with mobile phone forensic analysis.
5. Demonstrated on-the-job experience with malware analysis and reverse engineering is highly desired.
6. Demonstrated on-the-job experience working on multi-person teams.
7. Demonstrated on-the-job experience producing and presenting high-quality written reports and oral briefings is required.
Normal demands associated with an office environment. Ability to work on a computer for long periods and to communicate with individuals by telephone, email and face to face. Some travel may be required.