Cyber Defense Forensics Lead

Remote Full-time
About the position

We are seeking an experienced Cyber Defense Forensics Lead, in support of a government customer, to join our team to provide Security Operations Center (SOC) Services to a government agency whose mission is to protect our Nation's borders from terrorist attacks, to provide law enforcement for over forty (40) Federal agencies, and to protect the revenue of the United States while facilitating trade.

The SOC is a single point of management and reporting for information security incidents. The SOC exists to prevent, identify, contain, and eradicate cyber threats to networks through monitoring, intrusion detection, and protective security services to information systems, including local area networks / wide area networks (LAN / WAN), commercial Internet connections, public-facing websites, wireless, mobile / cellular, cloud, security devices, servers, and workstations. The SOC is responsible for the overall security of Enterprise-wide information systems and collects, investigates, and reports any suspected and confirmed security violations.

Responsibilities

• Provide support to the Cyber Defense Forensics team in support of Insider Threat Operations and Security Operations according to established policies, handbooks, and Standard Operating Procedures (SOPs).
• Monitor activities, conduct threat analysis, investigate policy violations, identify mitigation and/or remediation courses of action, and assess risk posed by trusted insiders.
• Support Cyber Defense Forensics and Insider Threat investigations through near real-time monitoring of the Data Loss Prevention (DLP) solutions and other applicable tools.
• Provide recommendations for Information Spillage Incident Response efforts on handling and sanitization methods pursuant to industry best practices, NIST 800-88 recommendations, and Federal guidelines.
• Conduct enterprise and individual system(s) endpoint-based and network-based digital forensic analysis in support of Cyber Defense Forensics or Insider Threat investigations.
• Leverage commercially available and open-source forensic tools to efficiently perform forensic analysis.
• Assist with maintaining forensics lab equipment.
• Conduct formal digital forensic investigations and document findings in formal investigation reports.
• Perform email hygiene activities.
• Support enterprise recovery efforts to ensure that security events and incidents are properly remediated prior to reconstitution.
• Make recommendations on the implementation of new tools and technologies that will enhance or generally improve SOC functions and capabilities.

Requirements

• Clearance requirement: Top Secret (SCI eligible).
• Minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats, and information security.
• Bachelor of Science in computer engineering, computer science, IT, or cyber security preferred (or 5 years of relevant work experience in lieu of a degree).
• A minimum of five (5) years of hands-on experience, including experience in the last two (2) years with host-based and network-based security monitoring and identifying and analyzing anomalous activities, with familiarity in insider threat monitoring software, host-based forensic tools, intrusion detection systems, intrusion analysis functions, security information and event management (SIEM) platforms, endpoint threat detection tools, and security operations ticket management.

Nice-to-haves

• Experience with cloud-based security technologies, architecture, and computing, and with searching, monitoring, and analyzing machine-generated big data.
• The ability to create insider-threat-focused dashboards, reports, and workflow diagrams.
• Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; and providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data.
• Experience providing ad hoc training to junior members in a collaborative environment.
• Creating and escalating cases via a ticket management system.
• Answering and responding to security events reported by external and/or internal parties via phone calls and group mailboxes.
• Performing static and dynamic file analysis to identify malware characteristics, intent, and origin.
• Conducting malware analysis and providing Malware Analysis Reports.
• Providing requirements, playbooks, and workflows to support automation of Cyber Defense Forensics tasks.
• Making recommendations for Zero Trust readiness and architecture for Cyber Defense Forensics (CDF) assigned tasks and pillars.

Benefits

• Health insurance
• Dental insurance
• Vision insurance
• 401K
• Life insurance
• Short-term and long-term disability plans
• Vacation time and holidays