Cyber Defense Forensics Analyst – Lead
- Bowie, MD, United States
- Clearance Level: TS/SCI
MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are the trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. We design and implement innovative security solutions to identify and defend against today’s risks and tomorrow’s attacks.
We believe that helping organizations operate from the best security posture possible requires automation. Empowering our employees to excel and providing them with the means to do so enables us to consistently exceed our clients’ expectations.
Unlike many IT consultancies, we’re not a body shop. Our client engagements are challenging and growth-oriented. Our relationship with you is for the long run because, in this business, your success is our success. That’s why we treat investments in employees as investments in the company itself, which is why we offer fantastic benefits (healthcare, generous PTO, paid maternity and paternity leave, and tuition reimbursement, to name a few).
But you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you.
We are an established, profitable, and growing company that promises you the following:
- A diverse organization.
- A safe workplace with zero tolerance for discrimination and harassment of any kind.
- A balanced work life. Seriously.
- Potential for a flexible schedule, depending on the specific customer.
- A leadership team focused on your professional growth and development.
This position is contingent upon award. The Cyber Defense Forensics Analyst-Lead will:
- Decrypt seized data using technical means.
- Provide technical summary of findings in accordance with established reporting procedures.
- Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
- Examine recovered data for information of relevance to the issue at hand.
- Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.
- Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment.
- Perform file signature analysis.
- Perform hash comparison against established database.
- Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).
- Perform timeline analysis.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
- Perform static media analysis.
- Perform tier 1, 2, and 3 malware analysis.
- Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures).
- Provide technical assistance on digital evidence matters to appropriate personnel.
- Recognize and accurately report forensic artifacts indicative of a particular operating system.
- Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
- Capture and analyze network traffic associated with malicious activities using network monitoring tools.
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
- Conduct cursory binary analysis.
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
- Perform virus scanning on digital media.
- Perform file system forensic analysis.
- Perform static analysis to mount an “image” of a drive (without necessarily having the original drive).
- Perform static malware analysis.
- Utilize deployable forensics toolkit to support operations as necessary.
- Coordinate with intelligence analysts to correlate threat assessment data.
- Process image with appropriate tools depending on analyst’s goals.
- Perform Windows registry analysis.
- Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
- Enter media information into tracking database (e.g., Product Tracker Tool) for digital media that has been acquired.
- Correlate incident data and perform cyber defense reporting.
- Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.
- Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies.
- Active Top Secret clearance required
- Bachelor's degree preferred; experience may be considered in lieu of a degree
- 5-7 years of experience in digital forensics, incident response, and threat hunting activities
- Core Competencies in Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis
- Understanding that all access to classified information will be within government controlled secure facilities
- All your information will be kept confidential according to EEO guidelines
- Equal Opportunity Employer Veterans/Disabled