CLEARANCE REQUIREMENT: MUST HAVE AN ACTIVE TS/SCI.
CORE COMPETENCIES:
- Follows proper evidence handling procedures and chain of custody protocols.
- Produces written reports documenting digital forensic findings.
- Determines which programs have been executed and finds files that have been changed on disk and in memory.
- Uses timestamps and logs (host and network) to develop authoritative timelines of activity.
- Finds evidence of deleted files and hidden data.
- Identifies and documents case-relevant file-system artifacts (browser histories, account usage and USB histories, etc.).
- Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis.
- Performs all-source research for similar or related network events or incidents.
- Skill in identifying different classes of attacks and attack stages.
- Knowledge of system and application security threats and vulnerabilities.
- Knowledge of proactive analysis of systems and networks, including establishing trust levels for critical resources.
REQUIRED SKILLS:
- Must be able to obtain a TS/SCI clearance.
- 4-6 years of host investigation or digital forensics experience with a high school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or a related discipline, with 2-4 years of host-based investigation or digital forensics experience.
- Solid leadership and communication skills. Able to lead activities and also work as an individual contributor.
- Experience establishing and maintaining good working relationships in all levels of the organization, including customers, organizations, internal management, and support.
- Experience with standard security principles, policies, standards, and industry best practices.
BASIC QUALIFICATION:
4-6 years of host investigation or digital forensics experience with a high school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or a related discipline, with 2-4 years of host-based investigation or digital forensics experience.
Proficiency level III includes all core competencies as listed above, in addition to the following:
- Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements.
- Assesses evidentiary value by triaging electronic devices.
- Correlates forensic findings with network events to further develop an intrusion narrative.
- When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging.
- Performs incident triage from a forensic perspective to include determination of scope, urgency, and potential impact.
- Tracks and documents forensic analysis from initial involvement through final resolution.
- Collects, processes, preserves, analyzes, and presents computer-related evidence.
- Coordinates with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings.
- Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products.
- Assists in documenting and publishing Computer Network Defense guidance and reports on incident findings for appropriate constituencies.