Cybersecurity Incident Response/ Forensic Analyst

Description

EHS Technologies, a cutting-edge IT, Cyber Security and Engineering Firm dedicated to solving the Department of Defense's most challenging problems is seeking an Incident Response/ Forensic Analyst Specialist to support the Naval Surface Warfare Center, Philadelphia Division (NSWCPD) Code 531 which is responsible for Cybersecurity, Monitoring & Information Systems associated with Hull, Machinery & Electric Control & Network Systems.

Requirements

Specific duties include:

Provide forensic capabilities to support the systems in a Hull, Mechanical and Electrical (HM&E) network enclave. Serve as forensic analyst and/or team member in the Cyber Fusion Resource Center (CFRC).

Tasking will include:

· Process equipment involved in cyber incident as directed by government representative.

· Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations (Note: Only to be conducted by personnel with a Law Enforcement or Counterintelligence Authority to collect and seize evidence).

· Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion.

· Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.

· Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape forms.

· Detect and analyze encrypted data, stenography, alternate data streams and other forms of concealed data.

· Provide technical summary of findings in accordance with established reporting procedures.

· Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking).

· Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.

· Examine recovered data for information of relevance to the issue at hand.

· Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.

· Perform file signature analysis.

· Perform hash comparison against established database.

· Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

· Write forensic data collection and analysis procedures.

Minimum Education: Bachelor of Science in Engineering or IT related area of study

Active DoD Secret Clearance is required