Digital Forensics Specialist

State of North Carolina
23h · Hybrid

About The Position

About NCEM: The mission of North Carolina Emergency Management (NCEM) is to enhance North Carolina's resiliency through active collaboration, communication, and coordination of efficient and effective preparedness, response, recovery, and mitigation of all natural and manmade hazards and threats. It is part of the NC Department of Public Safety (NCDPS).
About the Homeland Security Section: The mission of the Homeland Security Section is to provide the Division and the State Emergency Response Team (SERT) with proactive critical infrastructure planning and protection support, situational awareness and intelligence gathering, interagency coordination, and cyber preparedness, mitigation and response in collaboration with local, state, and federal partners. This collaboration includes training and assistance, strategic planning, and investigative and intelligence support. The Homeland Security Section also collaborates with local, state and federal partners supporting the education sector in North Carolina.
About the Position: The Digital Forensics Specialist is responsible for assessing specific, potential incidents related to investigations and events, providing specialized technical case and operational support, and producing highly technical strategic intelligence. Technical analysis provides a detailed picture of events as they occurred and allows an intelligence analyst to connect these events to cyber actors, tools, and tactics, techniques, and procedures (TTPs) inside and outside of the jurisdiction. This Specialist will primarily focus on highly technical matters and will require multiple certifications and/or extensive cyber training and experience.
This position will perform analysis of raw, primary, and secondary data derived from various sources; including assisting with log analysis, netflow analysis, incident response, malware analysis, computer forensics, and penetration testing services; work alongside Department of Defense, federal, state, and local agencies in addressing threats posed by terrorists, nation-states, and other cybercriminals conducting cyber-attacks; assist with cyber security and provide actionable recommendations regarding the cyber security of partners on local, state, federal, and Department of Defense networks and hunt for indicators of compromise, using various toolsets, based on intelligence gathered. This position will serve on cyber working groups and Incident Response Teams, as appropriate; monitor a variety of classified, sensitive, partner, and open source reporting for cyber information relevant to partners and/or the Fusion Center domain; coordinate with appropriate personnel, organizations, and units, including but not limited to the Department of Public Safety, the Department of Information Technology, state and federal membership of the Homeland Security Advisor Work Group, state and local law enforcement, and the owners and operators of Critical Infrastructure (CI), the Multi-State Information Sharing and Analysis Center (MS-ISAC) and other Information Sharing and Analysis Organizations (ISAOs). This position will produce daily, monthly, and/or ad-hoc, actionable intelligence products on emerging cyber incidents, risks, threats, events, or trends; provide actionable strategic and technical intelligence to partners regarding new cyber trends and patterns, TTPs, tools, or actors related to state and Department of Defense networks. 
The position will work with other Fusion Center staff to ensure that developments in cyber, computer, and network security, and law enforcement investigative capabilities are accounted for in non-cyber focused intelligence production; and take an active part in the gathering, analysis, and communication of threat intelligence through the designated process.

Requirements

  • Bachelor’s degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area; or
  • Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT security or closely related area; or
  • an equivalent combination of education and experience

Nice To Haves

  • Be able to attain and maintain a DHS sponsored security clearance.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open-source tools, and their capabilities.
  • Knowledge of security intelligence threats and threat actors.
  • Basic knowledge of various computer and digital forensic methodologies and related tools to extract actionable intelligence.

Responsibilities

  • assess specific, potential incidents related to investigations and events
  • provide specialized technical case and operational support
  • produce highly technical strategic intelligence
  • perform analysis of raw, primary, and secondary data derived from various sources
  • assist with log analysis, netflow analysis, incident response, malware analysis, computer forensics, and penetration testing services
  • work alongside Department of Defense, federal, state, and local agencies in addressing threats posed by terrorists, nation-states, and other cybercriminals conducting cyber-attacks
  • assist with cyber security and provide actionable recommendations regarding the cyber security of partners on local, state, federal, and Department of Defense networks and hunt for indicators of compromise, using various toolsets, based on intelligence gathered
  • serve on cyber working groups and Incident Response Teams, as appropriate
  • monitor a variety of classified, sensitive, partner, and open source reporting for cyber information relevant to partners and/or the Fusion Center domain
  • coordinate with appropriate personnel, organizations, and units
  • produce daily, monthly, and/or ad-hoc, actionable intelligence products on emerging cyber incidents, risks, threats, events, or trends
  • provide actionable strategic and technical intelligence to partners regarding new cyber trends and patterns, TTPs, tools, or actors related to state and Department of Defense networks
  • work with other Fusion Center staff to ensure that developments in cyber, computer, and network security, and law enforcement investigative capabilities are accounted for in non-cyber focused intelligence production
  • take an active part in the gathering, analysis, and communication of threat intelligence through the designated process

Benefits

  • paid vacation
  • paid sick leave
  • paid holidays
  • retirement
  • health insurance