Cyber Defense Forensics Analysts - Mid

About The Position

Requirements

• Strong written and verbal communication skills.
• Solid knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
• Solid understanding of attacker tradecraft associated with email, app-based, cloud threats and the ability to apply defensive tactics to protect against threats.
• Good knowledge of operating system internals, OS security mitigations, understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms
• Experience using forensic tools (e.g., EnCase, Sleuthkit, FTK).
• Ability to perform deep analysis of captured malicious code (e.g., malware forensics).
• Skill in analyzing anomalous code as malicious or benign.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Active Secret clearance

Responsibilities

• Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
• Perform Hypothesis-based or Intelligence-based Cyber Threat Hunts to identify threats and risks within environments.
• Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
• Use Agile methodology to organize intelligence, hunts and project status.
• Be able to independently research intelligence reports to find actionable data for conducting intel or hypothesis-based hunts.
• Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
• Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion.
• Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
• Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes.
• Provide a technical summary of findings in accordance with established reporting procedures.
• Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
• Recognize and accurately report forensic artifacts indicative of a particular operating system.
• Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Create detections and automation to detect, contain, eradicate, and recover from security threats.
• Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
• Conduct proactive hunts through enterprise networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
• Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting, and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.

Benefits

• General Description of Benefits [https://ecstech.com/careers/benefits]