Network Forensic Cybersecurity Analyst (Cybersecurity Systems Analyst (Host-based) - Level III

A3T (Agil3 Technology Solutions, LLC), one of the fastest growing U.S. companies, specializes in Cybersecurity Operations, IT/Digital Modernization, Emerging Technology, and Professional Services. Join A3T and watch your career soar!

A3T is seeking Cybersecurity Systems Analysts to support our DHS critical customer mission. If you are experienced, hard-working and dedicated, apply today!

This work is a partial remote position on a case-by-case basis.

The DHS’s Hunt and Incident Response Team (HIRT) secures the nation’s infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactive hunting for malicious cyber activity. A3T provides support for on and offsite incident response to Government agencies and critical infrastructure owners who experience cyber-attacks by providing HIRT advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation, using host and network-based cybersecurity analysis capabilities. Personnel perform investigations to characterize the level of severity of breaches and develop mitigation/remediation plans.

Duties and Responsibilities:

• Assists with leading and coordinating forensic teams in preliminary investigation
• Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
• Distills analytic findings into executive summaries and in-depth technical reports
• Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
• Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
• Evaluates, extracts and analyzes suspected malicious code
• Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
• Assesses evidentiary value by triaging electronic devices
• Correlates forensic findings with network events to further develop an intrusion narrative
• When available, collects and documents system state information (running processes,network connections, etc.) prior to imaging
• Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact
• Tracks and documents forensic analysis from initial involvement through final resolution
• Collects, processes, preserves, analyzes and presents computer related evidence
• Coordinates with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
• Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
• Assists to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
• Assists in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
• Documents original condition of digital and/or associated evidence by taking photographs and collecting hash information
• Assists team members in imaging digital media
• Assists in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
• Uses hashing algorithms to validate forensic images
• Works with mentor to identify and understand adversary TTPs
• Assists team members in analyzing the behaviors of malicious software
• Under direct guidance and coaching, locates critical items in various file systems to aid more senior personnel in their analysis
• Perform analysis of log files from a variety of sources to identify possible threats to computer security

Core Competencies:

• Knowledge of Computer Network Defense policies, procedures, and regulations
• Knowledge of defense-in-depth principles and general attack stages with respect to network security architecture
• Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
• Ability to identify and analyze anomalies in network traffic using metadata
• Experience with reconstructing a malicious attack or activity based on network traffic
• Experience examining network topologies to understand data flows through the network
• Must be able to work collaboratively across physical locations
• Knowledge of network device integrity concepts and methodologies
• Skill in preserving evidence integrity according to standard operating procedures or national standards
• 8+ years of directly relevant experience in network investigations
• In depth knowledge of CND policies, procedures and regulations
• In depth knowledge of TCP/IP protocols
• In depth knowledge of standard protocols – ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS, etc.
• In depth knowledge and experience of Wi-Fi networking
• In depth knowledge and experience of network topologies - DMZ’s, WAN’s, etc.
• Substantial knowledge of Splunk (or other SIEM’s)
• Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)

Qualifications:

• U.S. citizen and ability to obtain DHS suitability
• Must have an active TS/SCI-level security clearance
• Minimum 7-9 years host investigations OR digital forensics experience with a High school diploma; OR a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience

Desired Certifications:

• DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst
• DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder
• DoD 8140.01 CEH, CSSP Analyst
• SANS GIAC GNFA preferre

Company Overview
Agil3 Technology Solutions LLC ("A3T") is a Northern Virginia based, ISO 9001:2018, ISO 20000 & ISO 27001 Certified, 8a, Women-Owned (WOSB) and Service-disabled Veteran-Owned (SDVOSB) small business. A recent recipient of the prestigious Washington Technology, TOP 50 (ranking #9), A3T is experiencing industry leading recognition and growth. In addition to the CEO’s recognition as an “All-Star Entrepreneur”, A3T is recognized by Inc Magazine as one of the fastest growing companies in the country, by Vet 50, as Fastest Growing Veteran-Owned Businesses, and is Featured in Cyber Security Ventures / Cybercrime Magazine! “As a go-to Women-Owned Cybersecurity company in US and internationally”. As part of our growth, we are looking for a YOU to join our growing team.

A3T offers excellent benefits to enhance the work-life balance, these include the following:

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Paid Holidays
• Paid Time Off (PTO)
• Tuition and Professional Development Assistance
• Parking/Travel Reimbursement (metropolitan areas)….and more!

It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.