Logo
Gray Tier Technologies

Host Based Systems Analyst SME

Gray Tier Technologies, Arlington, Texas, United States, 76000


Gray Tier Technologies is looking for a Cyber Forensics Analyst to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation’s cyber and communications infrastructure while providing front line response for cyber incidents and hunting for malicious cyber activity. Our team performs HIRT investigations to develop a diagnosis of the severity of breaches. Contract personnel provide front line response for digital forensics/incident response and proactively hunting for malicious cyber activity for this critical customer mission.

Responsibilities:

Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.Assess network topology and device configurations identifying critical security concerns and providing security best practice recommendations.Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and use discovered data to enable mitigation of potential incidents.Collect network device integrity data and analyze for signs of tampering or compromise.Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information.Track and document on-site incident response activities and provide updates to leadership through executive summaries and in-depth technical reports.Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence.Serve as technical forensics liaison to stakeholders and explain investigation details.

Required Skills:

U.S. Citizenship.Active DoD Secret clearance. Must be able to obtain a TS/SCI clearance.Must be able to obtain DHS Suitability.8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools.Experience leading cross functional teams conducting cyber threat hunting activities.Experience with reconstructing a malicious attack or activity.Ability to characterize and analyze network traffic, identify anomalous activity/potential threats, analyze anomalies in network traffic using metadata.Ability to create forensically sound duplicates of evidence (forensic images).Able to write cyber investigative reports documenting forensics findings.In depth knowledge and experience of:Utilizing COTS and custom developed tools to detect APT activity.Reviewing threat reports and searching the network for applicable IOC (Indicators of Compromise).Identifying different classes and characterization of attacks and attack stages.CND policies, procedures and regulations.Network topologies, Wi-Fi Networking, and TCP/IP protocols.Splunk (or other SIEMs).Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame.MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK).Must be able to work collaboratively across physical locations.

Desired Skills:

Experience and proficiency with the following tools and techniques:EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort.EDR Tools: Crowdstrike, Carbon Black, Etc.Carving and extracting information from PCAP data.Non-traditional network traffic: Command and Control.Preserving evidence integrity according to national standards.Designing cyber security systems and environments in a Linux environment.Virtualized environments.Conducting all-source research.

Required Education:

BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience.

Desired Certifications:

GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA.

On-Site work 2-3 days per week.

#J-18808-Ljbffr