Cyber Security Forensics Analyst
- Washington, DC, US
Encompass (IT) Security Services is a full services technology service provider located in Bowie, MD. Our services range from enterprise planning and implementation to Cyber Security. Our clients include federal, state and local governments, non-profits and other corporate entities.
Under limited supervision, analyzes support requests and determines the tools and procedures required to preserve, collect and analyze electronically stored information (ESI) in a forensically sound manner. Performs expert collection, processing, and analysis of collected ESI in accordance with Forensics laboratory and ISO standards; delivers processed data and reports. Performs required reporting and documentation and maintains chain of custody of computer forensics evidence. Capable of independently handling complex, large volume, and previously un-encountered situations and examinations. Guides, assists, and mentors less experienced Computer Forensic Specialists.
Duties and Responsibilities:
Serves as a source of technical counsel and advice for forensic collection and processing activities.
Responsible for planning, organizing, conducting, and directing forensic and non-forensic data collections and processing on Windows-, Linux-, and Mac-based desktop/laptop computer systems, servers to include SQL, Exchange and File Shares, mobile devices, and related digital storage media.
Responsible for managing digital forensics examinations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and disposition).
Uses knowledge and experience of a wide variety of advanced computer technologies and forensic theories to conduct forensic examinations and complex analysis with the goal of developing forensically sound evidence.
Operates at a senior level, applying industry accepted digital forensics principles in acquiring, collecting, preserving, and processing structured and unstructured data according to established procedures and protocols. Utilizes industry accepted forensic tools such as EnCase, FTK, and NUIX.
Responsible for performing complex, large-scale digital forensic examinations to include collection in a live client-server environment utilizing validated remote forensic software (e.g. EnCase® Enterprise Edition, etc.).
Researches and maintains proficiency in tools, techniques, and trends.
Prepares clear and comprehensive notes and reports of findings. Provides oral and written communications to legal staff concerning results of examinations to include legal declarations as well as testimony at trial.
Acts as a source of reference for junior analysts and possesses the ability to lead forensic investigations in the field.
Reviews and approves reports, notes, and case files of junior analysts.
Collaborates with other forensic analysts, law enforcement officers, and legal experts to identify methods and procedures for recovery, preservation, and presentation of computer evidence.
Provides technical guidance and assistance to legal staff while ensuring that proper precautions are taken in the preservation and prevention of spoliation of electronic evidence.
Complies with standards, policies, and procedures established for the forensics laboratory including ASCLD/LAB accreditation requirements, supplements, criteria, and interpretations as they apply to digital evidence.
Performs related work as required.
Bachelor's degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field and 12 to 15 years professional experience with 5 to 8 years current digital forensics collection and processing experience.
Must possess enterprise level experience conducting digital forensics collections and processing across a variety of hardware and software architectures. Performs work at full performance level.
Must possess and maintain 1 non-vendor specific Digital Forensics Certification (e.g., IACIS® Certified Forensic Computer Examiner (CFCE) or ISFCE Certified Computer Examiner (CCE)) and 1 tool-specific Digital Forensics Certification (e.g., EnCase® Certified Examiner (EnCE), AccessData Certified Examiner (ACE), or Cellebrite Certified Mobile Examiner (CCME)).
Demonstrated expert-level experience in the use of forensic tools (e.g. EnCase® Forensic and Enterprise Editions, Forensic Toolkit®, NUIX Investigator, Cellebrite UFED, Linux based tools, etc.) and the ability to articulate, in detail, the processes being conducted by these automated forensic tools.
Knowledge of LAN/WAN/MAN network environments.
Experience in the forensic, forensically sound, and non-forensic collection and processing of a wide variety of enterprise e-mail systems (e.g. Exchange, Lotus, etc.), archiving systems, and backup systems.
Demonstrated experience in the forensic, forensically sound, and non-forensic collection and processing of enterprise database systems (e.g. SQL, Oracle, etc.), archiving systems, and backup systems, to include experience in the design and development of relational databases (e.g. Access, SQL Server, MySQL, etc.) in support of large-scale digital forensic investigations and data analysis.
Demonstrated experience in the interpretation, processing and translation of file and operating system artifacts across a variety of platforms.
Demonstrated experience processing large data volumes.
Working knowledge of and ability to apply the Federal Rules of Evidence (FRE) as they apply to electronic evidence as well as demonstrated experience in applying these rules to the framework of an investigation or litigation.
Demonstrated experience testifying and taking testimony in a civil, criminal, regulatory or administrative proceeding.
Strong project management skills with the ability to multitask and manage several projects at any given time.
Master's degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field.
CompTIA™ A+, CompTIA™ Network+, or CompTIA™ Server+ certification
Demonstrated experience in Object-Oriented Programming (e.g. C++, Java, EnScript®, etc.)
Normal demands associated with an office environment; ability to work on computer for long periods and communicate with individuals by telephone, email and face to face.
Agility and coordination in handling equipment and evidence as required. May be required to lift items up to 75 pounds and sit/stand for extended periods of time.
All your information will be kept confidential according to EEO guidelines.