Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Jobs

Host-Based Systems Analyst
Company Bluestone Analytics
Location Arlington, VA
Preferred GIAC Certifications GCFA, GCFE
Travel 10%
Salary $80 - $100k
URL https://www.indeed.com/job/host-based-systems-analyst-multiple-openings-6cdcf43123a90236
Contact Name Megan Owen
Contact Email mowen/at/bluestoneanalytics.com
Expires 2021-03-15

Job Description

Bluestone Analytics is a mission-focused, veteran-owned business that solves the world’s toughest problems through custom, targeted data collection augmented with artificial intelligence. We are committed to innovation, inclusion, and pushing the boundaries of Open Source Intelligence, and we purposely foster an employee-centric culture of fast-paced achievement and innovation.

Impact

Bluestone Analytics is seeking multiple TS-cleared Host-Based Systems Analysts to conduct incident response, often providing immediate investigation and resolution, for clients who experience cyber-attacks. Investigations should characterize the severity of a breach, include the development of a mitigation plan, and assist in the restoration of services. Analysts also use leading-edge technology and industry-standard forensic tools and procedures to educate customers, proactively providing insight into the cause and effects of suspected cyber-attacks and threats. Successful candidates will be results-driven, have experience building relationships within the DoD and federal space, and possess exceptional communication skills.

In a typical week, you may:

Use leading-edge technology and industry-standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions;
Follow proper evidence handling procedures and chain-of-custody protocols;
Produce written reports documenting digital forensic findings;
Determine which programs have been executed and find files that have been changed on disk and in memory;
Use timestamps and logs (host and network) to develop authoritative timelines of activity;
Find evidence of deleted files and hidden data;
Identify and document case-relevant file-system artifacts (browser histories, account usage and USB histories, etc.);
Create forensically sound duplicates of evidence (forensic images) to use for data recovery and analysis;
Perform all-source research for similar or related network events or incidents;
Locate critical items in various file systems to aid more senior personnel in their analysis;
Perform analysis of log files from a variety of sources to identify possible threats to computer security;
Acquire/collect computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements;
Correlate forensic findings with network events to further develop an intrusion narrative;
Collect and document volatile system state information (running processes, network connections, etc.) prior to imaging, since that state is lost once the system is powered down;
Perform incident triage from a forensic perspective, including determination of scope, urgency and potential impact;
Track and document forensic analysis from initial involvement through final resolution;
Collect, process, preserve, analyze and present computer-related evidence;
Coordinate with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings;
Conduct analysis of forensic images and other available evidence and draft forensic write-ups for inclusion in reports and other written products;
Assist with documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies.
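As an added illustration of the timeline duty listed above (this is example code, not code from the posting or from Bluestone Analytics): the classic pitfall in building an authoritative timeline is that host and network sources record time in different conventions. A Windows Event Viewer export carries local wall-clock time with no zone marker, RFC 3164 syslog omits both the year and the zone, and a firewall may log ISO 8601 with an explicit offset. Sorting the raw strings silently reorders the intrusion narrative. The script below normalizes three constructed sources to UTC and shows the wrong order that results when the Windows local time is mistaken for UTC. The host time zone (fixed UTC-5 for a January date), the syslog year, and all host names and addresses are assumptions; on a real engagement they come from the evidence itself (the registry TimeZoneInformation key, /etc/localtime, NTP offset).

```python
"""Merge host and network log lines into one UTC-normalized timeline.

Added example for the timeline duty in the job description above; it is
not code from the posting or from Bluestone Analytics. All log lines are
constructed, and two values are assumptions that a real engagement must
confirm from the evidence itself (registry TimeZoneInformation key,
/etc/localtime, NTP offset): the Windows host's zone and the syslog year.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines, one list per source (not real incident data).
WINDOWS_SECURITY = [  # Event Viewer CSV export: local wall-clock time, no zone marker
    "2021-01-12 09:06:30,Security,4624,Logon Type 3 from 10.0.0.5,jdoe,WKS01",
    "2021-01-12 09:07:02,Security,4688,New process cmd.exe,jdoe,WKS01",
]
SYSLOG = [  # RFC 3164: no year and no zone; this host is assumed to keep UTC
    "Jan 12 14:04:09 web01 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 51022 ssh2",
]
FIREWALL = [  # ISO 8601 with an explicit offset, so nothing has to be assumed
    "2021-01-12T14:04:02+00:00 fw01 allow tcp 203.0.113.7:51022 -> 10.0.0.5:22",
    "2021-01-12T14:08:55+00:00 fw01 allow tcp 10.0.0.7:49812 -> 198.51.100.23:443",
]

HOST_TZ = timezone(timedelta(hours=-5), "EST")  # assumption: WKS01 runs US Eastern, no DST in January
SYSLOG_YEAR = 2021                               # assumption: RFC 3164 omits the year


def parse_windows(line):
    """Local wall-clock time -> aware UTC datetime."""
    ts, rest = line.split(",", 1)
    local = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=HOST_TZ)
    return local.astimezone(timezone.utc), "WKS01/Security", rest


def parse_syslog(line):
    """RFC 3164 syslog: supply the missing year, treat the host clock as UTC."""
    m = re.match(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$", line)
    ts, host, msg = m.groups()
    naive = datetime.strptime(f"{SYSLOG_YEAR} {ts}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=timezone.utc), f"{host}/syslog", msg


def parse_firewall(line):
    """ISO 8601 with offset: honour the offset and convert to UTC."""
    ts, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts).astimezone(timezone.utc), f"{host}/fw", msg


def build_timeline(windows=WINDOWS_SECURITY, syslog=SYSLOG, firewall=FIREWALL):
    """Return (utc_datetime, source, message) tuples sorted by true UTC time."""
    events = [parse_windows(l) for l in windows]
    events += [parse_syslog(l) for l in syslog]
    events += [parse_firewall(l) for l in firewall]
    return sorted(events, key=lambda e: e[0])


def naive_order(windows=WINDOWS_SECURITY, syslog=SYSLOG, firewall=FIREWALL):
    """The mistake normalization prevents: read the Windows wall-clock time as if
    it were UTC. Returns the source names in the order that assumption produces."""
    events = []
    for l in windows:
        ts = l.split(",", 1)[0]
        wrong = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        events.append((wrong, "WKS01/Security"))
    events += [parse_syslog(l)[:2] for l in syslog]
    events += [parse_firewall(l)[:2] for l in firewall]
    return [src for _, src in sorted(events, key=lambda e: e[0])]


def render(timeline):
    """One line per event: ISO UTC time, source, message."""
    return [f"{t.strftime('%Y-%m-%dT%H:%M:%SZ')}  {src:<15} {msg}" for t, src, msg in timeline]


if __name__ == "__main__":
    print("\n".join(render(build_timeline())))
    print("\nsame events with Windows local time mistaken for UTC:", naive_order())
```

With the zone applied, the narrative reads inbound SSH to web01, sshd accepting the key, the type 3 logon to WKS01, cmd.exe, then the outbound 443 connection; with the Windows times read as UTC, the workstation logon appears five hours before the inbound connection that led to it. Record the assumed zone and year alongside the timeline so a reviewer can re-derive it.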

Required Background
US DoD TS/SCI security clearance; and
BS in Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or a related field, plus 2-4 years of experience (a high school diploma and 4-6 years of host investigations experience may be substituted for the BS and 2-4 years of experience).

Preferred Skills
DHS suitability;
Exceptional communication and language skills, both oral and written;
Skill in identifying different classes of attacks and attack stages;
Knowledge of system and application security threats and vulnerabilities;
Knowledge of proactive analysis of systems and networks, including establishing trust levels of critical resources;
Experience with two or more of the following tools: EnCase, FTK, SIFT, X-Ways, Volatility, Wireshark, The Sleuth Kit/Autopsy, GRR;
Experience conducting all-source research.

Desired Certifications: GCFA, GCFE, EnCE, CCE, CFCE, CISSP