​​Cyber Forensics Analyst​

About The Position

Requirements

• Requires BS degree and 5 or more years of direct relevant experience. Degree in computer science, IT, Information/Cyber Security field from an accredited college or university.
• Flexible and adaptable self-starter with strong relationship-building skills
• Effective communication skills with emphasis on attention to detail, ability to accurately capture and document technical remediation details, and ability to brief stakeholders on incident statuses, recovery and root causes.
• Demonstrable experience performing forensic analysis, digital media analysis, and in-depth system & network log analysis in support of forensic investigations.
• Ability to generate forensically sound cyber analysis reports detailing forensically sound analysis procedures, findings, and recommendations from incident investigations.
• Strong problem-solving abilities with an analytic and qualitative eye for reasoning under pressure.
• Ability to independently prioritize and complete multiple tasks with little to no supervision.
• The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+) CompTIA Linux Network Professional (CLNP) CompTIA Pentest+ CompTIA Cybersecurity Analyst (CySA+) GPEN – Penetration Tester GWAPT – Web Application Penetration Tester GSNA – System and Network Auditor GISF – Security Fundamentals GXPN – Exploit Researcher and Advanced Penetration Tester GWEB – Web Application Defender GNFA – Network Forensic Analyst GMON – Continuous Monitoring Certification GCTI – Cyber Threat Intelligence GOSI – Open-Source Intelligence OSCP (Certified Professional) OSCE (Certified Expert) OSWP (Wireless Professional) OSEE (Exploitation Expert) CCFP – Certified Cyber Forensics Professional CISSP – Certified Information Systems Security CEH – Certified Ethical Hacker CHFI – Computer Hacking Forensic Investigator LPT – Licensed Penetration Tester CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst) ENSA – EC-Council Network Security Administrator ECIH – EC-Council Certified Incident Handler ECSS – EC-Council Certified Security Specialist ECES – EC-Council Certified Encryption Specialist
• All CBP SOC employees are required to successfully complete a CBP Background Investigation to support this program.

Nice To Haves

• SANS GREM certification
• Experience performing computer forensics in Federal Government, DOD or Law Enforcement environments.
• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or PowerShell.
• Knowledge of the Cyber Kill Chain and MITRE ATT&CK framework
• Advanced understanding of multiple Operating Systems, monitoring and detection techniques and methods, and Incident Response Lifecycle.
• Prior experience with CBP/DHS
• Between 2-3 years of experience in two or more of these specialized areas: Insider Threat Digital media forensic Monitoring and detection Incident Response

Responsibilities

• Provide recommendations for Information Spillage Incident Response efforts on handling and sanitization methods pursuant to industry best practices, NIST 800-88 recommendations, and Federal guidelines.
• Conduct enterprise and system(s) endpoint analysis (e.g., Windows, Linux, Mac, Cloud, and mobile systems) and network based digital forensic analysis
• Conduct formal digital forensic investigations and document findings in formal, forensically sound investigation reports.
• Perform Email hygiene activities in support of CBP investigations.
• Support enterprise recovery efforts as necessary to ensure that security events and incidents are properly remediated prior to restitution.
• Utilize state of the art forensic tools (FTK/Encase, etc) to perform computer, mobile phone forensics and memory analysis (volatility, rekall) in support of incident response.
• Conduct reverse engineering of suspicious files utilizing dynamic, automated and static analysis.
• Properly preserve evidence, maintain chain of custody and write malware analysis or forensic reports.
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response.
• Install, secure, maintain and recommend forensic software and hardware within a Forensic Lab environment while following established configuration management processes.
• Develop and build security content, scripts, tools, or methods to enhance forensic processes.
• Effectively investigate and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
• Develop and maintain Standard Operating Procedures (SOPs) and playbooks as deemed necessary.

Benefits

• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.