
    Senior Cyber Forensics Analyst - Sierra Vista, United States - SOSi

    SOSi Sierra Vista, United States

    3 weeks ago

    Description
    Overview

    **This position is contingent upon award of contract**

    SOS International, LLC (SOSi) is currently seeking a Senior Cyber Forensics Analyst in Fort Huachuca, AZ. The Senior Cyber Forensics Analyst serves as the Forensics/Malware SME reporting to the DCO Branch Manager and is responsible for supporting all activities relating to Forensics/Malware procedures and systems.

    Essential Job Duties
    • Lead and/or participate in the evaluation and analysis of complex malicious code through the utilization of tools, including disassemblers, debuggers, hex editors, unpackers, virtual machines, and network sniffers.
    • Lead and examine malicious software using reverse engineering techniques to identify the nature of threats and perform analysis to understand adversarial capabilities and tactics.
    • Develop procedures and scripts to identify, collect, transfer, and preserve evidence of unauthorized access to military and partner networks.
    • Develop and maintain practices on obtaining forensic images of servers, workstations, laptops, flash devices, removable media, cell phones, RAID, and virtual systems.
    • Oversees analysis of computer network intrusion events and malicious activity.
    • Leads initial event triage & escalation, sensor monitoring, cyber incident investigation, cyber event analysis & correlation, log analysis, and malware analysis.
    • Draft and review forensic and malware reports, briefings, and white papers.
    • Analyze trends and statistics to provide proactive indications and warnings of malicious cyber activity and correlate attacks, exploits, and threat vectors.
    • Develop mitigation techniques to deny further exploitation and provide recommendations for appropriate response and corrective actions to defend against threat activity.
    • Shall work and interact with other DCO professionals internal and external to ARCYBER, with LE/CI Liaison Officers (LNOs), and intelligence professionals as a technical specialist to understand higher-level adversary capability.
    • Responsible for providing findings in a technical report with details of the malware, identification parameters, advanced capabilities, and mitigation strategies.
    • Conducts research in the area of malicious software, vulnerabilities, and exploitation tactics. Requires experience with application security, network security, reverse engineering, or malware.
    • Requires strong knowledge of worms, viruses, Trojans, rootkits, botnets, Windows internals, and the Win32 API.
    • Extensive experience required in programming (assembly and web) and system analysis with various tools, including IDA Pro, OllyDbg, PCAP tools, or tcpdump.
    • Leads the integration of new technical solutions and platforms into the DoDIN-A, develops new processes, and authors new SOPs and TTPs to employ them to their full potential.
    • Conducts root cause analysis to identify, diagnose, and resolve cyber security problems.
    • Creates and maintains comprehensive documentation for all implemented cyber security activities.
    • Works with vendors to evaluate new products and resolve equipment design problems.
    • Provides guidance and work leadership to less-experienced cyber security analysts and other technical staff.
    • Maintains current knowledge of relevant technologies as assigned.
    • Updates SmartBooks associated with current knowledge of relevant technologies as assigned.
    • Participates in special projects as required.
    • Potential to lead/manage high level administrative/technical taskings without assistance.
    • Collaborate with external agencies, LE/CI, GTMs, Branch Chiefs, Division Chiefs and Leadership.
    Minimum Requirements
    • Active in scope Top Secret (TS) with eligibility for Sensitive Compartmented Information (SCI) clearance
    • HS +12 years of experience, AA/AS +10 or BA/BS +8
    • An IAT III certification (CASP+ CE, CCNP-Security, CISA, CISSP (or Associate), GCED, or GCIH) is required
    • CSSP-IR Certification
    • GIAC Certified Forensic Analyst (GCFA)
    • ITIL Foundation Certification
    • Knowledgeable in the mission and operational requirements of the U.S. Army
    • Demonstrated understanding of U.S. Army IT operational and technical requirements and an advanced understanding of Risk Management Framework (RMF)
    • Must be willing to work overtime, after hours, holidays, and weekends, as necessary
    Preferred Qualifications
    • Master's degree in Network Management, Telecommunications, Cybersecurity, National Security Strategy, or a related field
    • ITIL v4 certification
    Work Environment
    • Working conditions are normal for an office environment.
    • Fast paced, deadline-oriented environment.
    • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)

    SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
