Our Arlington VA based client is looking for a Host Based Systems Analyst Level II. If you are qualified for this position, please email your updated resume in word format to Working location: Arlington VA Host Based Systems Analyst Level II
Security Clearance
Active Top Secret w SCI Core Competencies:
Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
Follows proper evidence handling procedures and chain of custody protocols
Produces written reports documenting digital forensic findings
Determines programs that have been executed, finds files that have been changed on disk and in memory
Uses timestamps and logs (host and network) to develop authoritative timelines of activity
Finds evidence of deleted files and hidden data
Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
Performs all-source research for similar or related network events or incidents
Skill in identifying different classes of attacks and attack stages
Knowledge of system and application security threats and vulnerabilities
Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources
Level II
(4-6 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cyber security, Computer Engineering, or related discipline, and with 2-4 years of host-based investigations or digital forensics experience)
Proficiency at level II includes the following:
Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
Assesses evidentiary value by triaging electronic devices
Correlates forensic findings with network events to further develop an intrusion narrative
When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging
Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
Tracks and documents forensic analysis from initial involvement through final resolution
Collects, processes, preserves, analyzes and presents computer related evidence
Coordinates with others within the Government and with customer personnel to validate/investigate
alerts or other preliminary findings
Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for
inclusion in reports and other written products
Assists to document and publish Computer Network Defense guidance and reports on incident
findings to appropriate constituencies Host-Based Systems Analysts III
, or Cyber-Forensics Systems Analysts with active DoD TS/SCI eligible security clearance.
In this position you will:
• Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
• Document original condition of digital and/or associated evidence by taking photographs and collecting hash information
• Assist team members in imaging digital media
• Assist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
• Use hashing algorithms to validate forensic images
• Work with mentor to identify and understand adversary TTPs
• Assist team members in analyzing the behaviors of malicious software
• Under direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysis
• Perform analysis of log files from a variety of sources to identify possible threats to computer security
• Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
• Assess evidentiary value by triaging electronic devices
• Correlate forensic findings with network events to further develop an intrusion narrative
• When available, collect and document system state information (running processes, network connections, etc.) prior to imaging
• Perform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
• Track and document forensic analysis from initial involvement through final resolution
• Collect, process, preserve, analyze and present computer related evidence
• Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
• Conduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
• Assist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
• Assist with leading and coordinating forensic teams in preliminary investigation
• Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
• Distill analytic findings into executive summaries and in-depth technical reports
• Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
• Track and document on-site incident response activities and provides updates to leadership throughout the engagement
• Evaluate, extract and analyze suspected malicious code Core Competencies required include:
• Use leading edge technologies and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
• Follow proper evidence handling procedures and chain-of-custody protocols
• Produce written reports documenting digital forensic findings
• Determine programs that have been executed, and find files that have been changed on disk and in memory
• Use timestamps and logs to develop authoritative timelines of activity
• Identify and document case relevant file-system artifacts
• Create forensically sound duplicates of evidence for use in data recovery and analysis
• Perform all-source research for similar or related network events or incidents
• Identify different classes of attack and attack stages
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources Education and Background Requirements:
• Minimum 7-9 years incident management experience or cybersecurity operations experience with a High school diploma;
• Or, Bachelor's degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity or related discipline, and with minimum 5-7 year of incident management experience or cybersecurity operations experience
For all labor categories, unless otherwise specified, the following education degrees may be substituted for years of experience in a related discipline:
Bachelor's Degree = Two (2) years of experience
Master's Degree = Three (3) years of experience
Ph.D. = Four (4) years of experience Employment Requirements:
• Must have an active Top Secret/SCI security clearance or TS with SCI eligibility, verifiable in JPAS.
• Must have excellent written and verbal communication skills Physical Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform the described essential functions of the job.
Security Clearance
Active Top Secret w SCI Core Competencies:
Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
Follows proper evidence handling procedures and chain of custody protocols
Produces written reports documenting digital forensic findings
Determines programs that have been executed, finds files that have been changed on disk and in memory
Uses timestamps and logs (host and network) to develop authoritative timelines of activity
Finds evidence of deleted files and hidden data
Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
Performs all-source research for similar or related network events or incidents
Skill in identifying different classes of attacks and attack stages
Knowledge of system and application security threats and vulnerabilities
Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources
Level II
(4-6 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cyber security, Computer Engineering, or related discipline, and with 2-4 years of host-based investigations or digital forensics experience)
Proficiency at level II includes the following:
Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
Assesses evidentiary value by triaging electronic devices
Correlates forensic findings with network events to further develop an intrusion narrative
When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging
Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
Tracks and documents forensic analysis from initial involvement through final resolution
Collects, processes, preserves, analyzes and presents computer related evidence
Coordinates with others within the Government and with customer personnel to validate/investigate
alerts or other preliminary findings
Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for
inclusion in reports and other written products
Assists to document and publish Computer Network Defense guidance and reports on incident
findings to appropriate constituencies Host-Based Systems Analysts III
, or Cyber-Forensics Systems Analysts with active DoD TS/SCI eligible security clearance.
In this position you will:
• Assist in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
• Document original condition of digital and/or associated evidence by taking photographs and collecting hash information
• Assist team members in imaging digital media
• Assist in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
• Use hashing algorithms to validate forensic images
• Work with mentor to identify and understand adversary TTPs
• Assist team members in analyzing the behaviors of malicious software
• Under direct guidance and coaching, locate critical items in various file systems to aid more senior personnel in their analysis
• Perform analysis of log files from a variety of sources to identify possible threats to computer security
• Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
• Assess evidentiary value by triaging electronic devices
• Correlate forensic findings with network events to further develop an intrusion narrative
• When available, collect and document system state information (running processes, network connections, etc.) prior to imaging
• Perform incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
• Track and document forensic analysis from initial involvement through final resolution
• Collect, process, preserve, analyze and present computer related evidence
• Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
• Conduct analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
• Assist to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
• Assist with leading and coordinating forensic teams in preliminary investigation
• Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
• Distill analytic findings into executive summaries and in-depth technical reports
• Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
• Track and document on-site incident response activities and provides updates to leadership throughout the engagement
• Evaluate, extract and analyze suspected malicious code Core Competencies required include:
• Use leading edge technologies and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
• Follow proper evidence handling procedures and chain-of-custody protocols
• Produce written reports documenting digital forensic findings
• Determine programs that have been executed, and find files that have been changed on disk and in memory
• Use timestamps and logs to develop authoritative timelines of activity
• Identify and document case relevant file-system artifacts
• Create forensically sound duplicates of evidence for use in data recovery and analysis
• Perform all-source research for similar or related network events or incidents
• Identify different classes of attack and attack stages
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of proactive analysis of systems and networks, to include creating trust levels of critical resources Education and Background Requirements:
• Minimum 7-9 years incident management experience or cybersecurity operations experience with a High school diploma;
• Or, Bachelor's degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity or related discipline, and with minimum 5-7 year of incident management experience or cybersecurity operations experience
For all labor categories, unless otherwise specified, the following education degrees may be substituted for years of experience in a related discipline:
Bachelor's Degree = Two (2) years of experience
Master's Degree = Three (3) years of experience
Ph.D. = Four (4) years of experience Employment Requirements:
• Must have an active Top Secret/SCI security clearance or TS with SCI eligibility, verifiable in JPAS.
• Must have excellent written and verbal communication skills Physical Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform the described essential functions of the job.