Native American Industrial Solutions, LLC (NAIS)

Host Based Systems Analyst (I, II, III, and IV)

IT Analyst in Washington, DC

Posted 2019-05-19
Description

Host Based Systems Analyst Levels I, II, III, and IV

(We are in the late stages of a proposal for a cybersecurity contract (Hunt and Incident Response Team services) and are looking to identify potential candidates. The job will not be active until late 2019, early 2020.)

Core Competencies:
•Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
•Follows proper evidence handling procedures and chain of custody protocols
•Produces written reports documenting digital forensic findings
•Determines programs that have been executed, finds files that have been changed on disk and in memory
•Uses timestamps and logs (host and network) to develop authoritative timelines of activity
•Finds evidence of deleted files and hidden data
•Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
•Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
•Performs all-source research for similar or related network events or incidents
•Skill in identifying different classes of attacks and attack stages
•Knowledge of system and application security threats and vulnerabilities
•Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources

Level I (Possess GCFA) (Minimum 3 years host-based investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with a minimum 1 year of host-based investigations or digital forensics experience) Proficiency at level I includes all core competencies in addition to the following:
•Assists in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
•Documents original condition of digital and/or associated evidence by taking photographs and collecting hash information
•Assists team members in imaging digital media
•Assists in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
•Uses hashing algorithms to validate forensic images
•Works with mentor to identify and understand adversary TTPs
•Assists team members in analyzing the behaviors of malicious software
•Under direct guidance and coaching, locates critical items in various file systems to aid more senior personnel in their analysis
•Perform analysis of log files from a variety of sources to identify possible threats to computer security

Level II (Possess GCIH and GCFA) (4-6 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 2-4 years of host-based investigations or digital forensics experience) Proficiency at level II includes all skills defined at level I in addition to the following:
•Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
•Assesses evidentiary value by triaging electronic devices
•Correlates forensic findings with network events to further develop an intrusion narrative
•When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging
•Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
•Tracks and documents forensic analysis from initial involvement through final resolution
•Collects, processes, preserves, analyzes and presents computer related evidence
•Coordinates with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
•Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
•Assists to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies

Level III (Possess GCIH, GCFA, and GREM) (7-9 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience) Proficiency level III includes all skills defined at level II in addition to the following:
•Assists with leading and coordinating forensic teams in preliminary investigation
•Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
•Distills analytic findings into executive summaries and in-depth technical reports
•Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
•Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
•Evaluates, extracts and analyzes suspected malicious code

Level IV (Possess GCIH, GCFA, and GREM) (10+ years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 8+ years of host-based investigations or digital forensics experience) Proficiency at level IV includes all skills defined at level III in addition to the following:
•Assists Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating evidence collection operations
•Provides technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary
•Writes in-depth reports, supports with peer reviews and provides quality assurance reviews for junior personnel
•Supports in overseeing forensic analysis and mentoring/providing guidance to others on data collection, analysis and reporting in support of onsite engagements
