ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
o Conduct forensic examinations of electronic evidence, including computer-related equipment, network devices, and information systems.
o Physically disassemble and examine computers and related hardware.
o Use forensic software/hardware applications to analyze electronic media.
o Examine and analyze magnetic and optical media.
o Collect, transport, label, and secure evidence from potential crime scenes and/or during forensic processing.
o Prepare written report of forensic examination findings to include procedures used and evidence located.
o Collaborate with other local, national and international CIRTs.
o Document requests and activities in the case management system.
o Research and recommend forensic tools that improve the productivity and accuracy of investigations.
o Provide technical guidance and assistance to others involved in the investigation to ensure precautions are taken to prevent data and equipment damage.
o Serve as technical consultant and provide training in computer examinations and techniques to other forensic investigators and internal investigative entities.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
BS in Computer Engineering or Program Management is preferred (but not required), and the following certifications are preferred (but not required): EnCE, ACE, CCE, CISSP.
Skills and Experience
o Experienced in supporting technical staff, preferably in a security incident handler, data forensics and responder role
o An advanced understanding of host/network common vulnerabilities and exploits (CVEs), hacker methodologies and tactics, and the tools used
o An advanced understanding of and experience in the use of tools such as EnCase, FTK, ProDiscover, FastBloc and other commonly used forensic/security tools
o Advanced understanding of and experience with cyber threat intelligence gathering methodologies, such as hacker web sites, security mailing lists, etc.
o An advanced to expert understanding of the TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services
o An advanced understanding of computer and network malware analysis, including disassembly of binaries and portable executables.
o Must have an understanding of chain of custody principles and an advanced understanding of and experience with security incident evidence gathering. Should have previous experience as part of an incident response team, preferably in a senior or lead role
o An advanced understanding of and experience with host platform vulnerability assessment and hardening standards and methodologies
o An advanced understanding of common OS and domain structures (Windows NT, 2000 Active Directory, etc.), servers, services, and associated vulnerabilities
o Experience with Linux, Red Hat, etc. hosts, operating systems, and applications
o An advanced understanding of and advanced experience with the monitoring and analysis of firewall logs (PIX/ASA, Sidewinder, Cyberguard), router syslogs, and network/host-based Intrusion Detection/Prevention Systems (IDS/IPS). Experienced in the configuration of IDS/IPS sensors and agents, and advanced experience with the tuning of IDS/IPS, firewall ACLs and rule sets
o An advanced understanding of network engineering and local and wide area (LAN/WAN) technologies and topology
o Experienced with the configuration and enterprise deployment of firewalls (Sidewinder, PIX/ASA, Cyberguard, Checkpoint, or others) and other security devices
o Experience with enterprise anti-virus solutions, and experience with content filtering, anti-spyware and anti-malware systems and solutions
o Previous experience performing Red/Blue Team or White Hat activities is preferred
o Strong written and verbal communication skills
o Proactive approach to problem identification and solving
o Demonstrated ability to identify and resolve problems
o Ability to interact at all levels of management and lead cross-functional, cross-regional teams
o Experience in using one or more standard forensic tools, certification preferred
o 5+ years of digital forensic or forensic software experience
o Proficiency with a range of forensic software and processes
o Expertise in computer file systems and file system artifacts
o Knowledge of Federal Rules of Evidence
Experience with security technologies such as:
o Data/evidence recovery
o Event Correlation
o Security Incident and Event Management (SIEM)
o Insider Threat
o Log Analysis
o Anomaly Intrusion Detection
o Data Loss Prevention
o Exfiltration detection
CERTIFICATES, LICENSES, REGISTRATION
Certified Information Systems Security Professional (CISSP) Preferred
EnCase Certified Examiner (EnCE) Preferred
Ability to obtain Top Secret Clearance