🚀 Forensics / Malware Analyst

Quadrant, Inc.

💰 Earn $125,000 – $150,000 / year
  • 📍 Location: Washington
  • 📅 Posted: Oct 28, 2025

Overview

Forensics/Malware Analyst — Washington, DC

Pay From: $55.00 per hour

Must

  • Experienced Forensics/Malware Analyst
  • Must have one of the following certifications: GCIA, GCIH, GMON, GDAT, Splunk Core Power User
  • Priority if you have one of the following certs: SANS, GCFA cert, EnCase Certified Examiner cert or Volatility
  • 5 years of experience performing incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
  • 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS)
  • 5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g., CrowdStrike) and custom scripts
  • 5 years of experience utilizing the following forensics tools:
    • Splunk to perform live forensic analysis
    • Magnet AXIOM to acquire, analyze, and report on digital evidence
    • Volatility framework to analyze volatile memory (RAM) dumps
  • Must have ability to perform required forensics/malware analyst duties, including:
    • Creating duplicates of evidence that ensure the original evidence is not unintentionally modified
    • Extracting deleted data using data carving techniques
    • Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)
  • Bachelor's degree preferred

DUTIES

  • Provides digital forensics and incident response support to the Security Operations Center (SOC).
  • Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks.
  • Produces forensics reports to assist the SOC and the Courts in understanding the nature and impact of cyber incidents and in prioritizing risk mitigation across the Judicial Branch of Government.
  • Accepts and responds to government technical requests through AOUSC ITSM tickets (e.g., HEAT or ServiceNow) for advanced SME technical investigative support for real-time incident response (IR).
  • IR includes cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified. Use AOUSC supplied procedures and tools to acquire the evidence.
  • Analyze forensic artifacts of operating systems (Windows, Linux, macOS) to discover intrusion elements and identify root cause.
  • Perform live forensic analysis based on SIEM data (e.g., Splunk).
  • Perform filesystem timeline analysis for inclusion in forensic reports.
  • Extract deleted data using data carving techniques.
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by AOUSC.
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility). Document analysis results in forensics reports.
  • Additional forensics/malware analysis activities may include: identify and communicate cybersecurity threats and risks with clarity; reduce adversary dwell time within judicial networks; analyze security incidents for root cause and improvement opportunities.

Quadrant is an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, or status as an individual with a disability.
