No more applications are being accepted for this job
- Acquire/collect computer artifacts and logs in support of onsite and remote engagements
- Triage electronic devices and assess evidentiary value
- Correlate forensic findings to network events in support of developing an intrusion narrative
- Collect and document system state information (e.g
- Perform forensic triage of an incident to include determining scope, urgency and potential impact
- Track and document forensic analysis from initial participation through resolution
- Collect, process, preserve, analyze and present computer related evidence
- Coordinate with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
- Conduct analysis of forensic images, and available evidence in support of forensic writeups for inclusion in reports and written products
- Support cloud development and automation projects to enhance threat emulation capabilities
- Assist to document Computer Network Defense (CND) guidance and create reports pertaining to incident findings Required Skills/Clearances:
- U.S
- Active TS/SCI clearance
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 10+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
- In depth understanding of SaaS, PaaS and IaaS in the Cloud Environment
- Ability to create forensically sound duplicates of evidence (forensic images)
- Ability to author cyber investigative reports documenting digital forensics findings
- Proficiency with analysis and characterization of cyber attacks
- Knowledge of cloud development and automation tools such as Terraform, Kubernetes, AWS CloudFormation, Azure Resource Manager, and Docker.
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources Desired Skills:
- Knowledge of strategies/architectures involved in implementing M365/Azure authentication, how these relate to a federated identity solution, and a fundamental understanding of how threat actors would target identity to compromise an environment
- Advanced experience and proficiency across various aspects of IT operations (e.g
- Experience and understanding in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms
- Fundamental understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M36
- Proficiency with scripting languages (e.g
- Ability to develop tools, architecture and configurations in Azure environment to support identifying threat actor activity.
- Understanding of how Azure/M365 platform protection is implemented and security operations available Required Education:
- One or more of the following certifications: GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS certifications, Microsoft Azure associated certifications.
Cloud Network Defense Analyst - Arlington, VA, United States - CyTech Services
Description
Cyber Technology Services, Incprovides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities
Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity
We are seeking Cyber Network Defense Analysts (CNDA) with Cloud Forensics experience to support this critical customer mission
Responsibilities:
Desired Certifications: