cFocus Software seeks a Cyber Incident Response Analyst (Senior) to join our program supporting USDOT in Washington, DC. This position has remote capabilities. This position requires an active Public Trust clearance and must meet 8570 requirements.
Qualifications:
- Bachelor’s Degree or equivalent experience in a computer, engineering, or science field.
- Active Public Trust clearance.
- 8570 Compliant (Security+ CE)
- Hold active certifications such as GCIA or GCIH or GSEC or GMON, and Splunk Core Power User.
- 7+ years of relevant experience.
Duties:
- Lead one or more functional security teams.
- Support the development of staff schedules and staffing forecasts for approval.
- Ensure shift members follow the appropriate incident escalation and reporting procedures.
- Provide support promptly and efficiently through front-line telephone and email communications.
- Assist with knowledge management – Standard Operating Procedures and procedural support data.
- Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or ServiceNow) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR).
- IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
- Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
- Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
- Perform live forensic analysis based on SIEM data (e.g., Splunk).
- Perform filesystem timeline analysis for inclusion in forensic report.
- Extract deleted data using data carving techniques.
- Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
- Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
- Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report.
- Write forensic and malware analysis reports.