Job Description

Description: Job Title: Digital Forensics SOC Analyst III

Location: Hybrid-Must be local to Crownsville, MD

US Citizens Only

Responsibilities:

Client is seeking a Digital Forensics SOC Analyst III. The role will work closely with Government counterparts to provide support in cybersecurity incident response, mitigation, analysis, & information dissemination. Provide analysts Tier 3 support, systems, and network forensic investigation support for the Security Operations Center (SOC) activities. Work as a technical leader within the State of Maryland DoIT SOC & responsible for maintaining the integrity of the cybersecurity related analysis. This role will be responsible for performing the following tasks:

Duties and Responsibilities:

• Report to Director of Security Operations or his/her designee
• Provide SOC Analyst Tier 3 escalation support
• Plan, initiate, and conduct investigations for cybersecurity incidents response efforts
• Perform forensic examinations on compromised systems
• Understand and use forensic tools and techniques for cybersecurity incidents
• Create forensic root cause and scope of impact analysis reports
• Contribute to technical briefings on the details of forensics exams and report
• Provide support in conducting malware analysis of attacker tools
• Stay current on incident response and digital forensics skills, best practices, and tools
• Train SOC analysts on usage of SIEM tools (Splunk), and basic event analysis
• Develop rules and tune SIEM and related tools to streamline the event analysis done by the SOC
• Assist developing new processes and procedures for SOC monitoring
• Monitor networks for threats from external and internal sources
• Analyze network traffic of compromised systems and networks
• Correlate actionable security events from various sources
• Review threat data and develop custom detection signatures
• Gather and analyze threat intelligence data and conduct threat hunting
• Understand cybersecurity attacks and tactics, techniques, and procedures (TTPs) associated with advanced threats
• Communicate clearly with Government counterparts, and SOC customers
• Development and implementation and operational and technical incident response processes, procedure, guidance, and standards
• Ability to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.
  
  

Qualifications:

Education and Years of Experience:

• Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline and 4+ years of experience. Associate degree and/or cyber courses/certifications or 5 years of experience in directly related fields may be substituted in lieu of bachelor’s degree
  
  

Required Skills/Certifications:

• Hands-on experience with security monitoring and SIEMs tools - Splunk Enterprise Security is preferred
• Demonstrated working knowledge of cyber forensics and incident handling best practice processes, procedures, standards, and techniques
• Hands-on experience with forensics image capture tools i.e., FTK Imager, MAGNET ACQUIRE
• Hands-on experience with system image/file system/registry forensics tools i.e., Encase, FTK, X-Ways, Magnet AXIOM, Sleuthkit, Access Data Registry Viewer, Registry Recon, or other)
• Hands-on experience with PCAP analysis tools i.e., Wireshark, TCP Dump, Network Miner, Xplico, or other
• Hands-on experience with memory forensics tools i.e., BlackLight, Volatility, SANS SIFT, Magnet RAM Capture, or FireEye Memoryze, CrowdStrike Crowd Response
• Hands-on experience with Endpoint Detection & Response solutions - Tanium Threat Response, McAfee or other
  
  

Desired Skills/Certifications (Not Required):

• Practical hands-on experience with static in malware analysis
• Hands-on experience with malware anti-forensics, obfuscation, packing techniques
• Hands-on experience with malware Analysis - Miscellaneous dynamic & static analysis tools (IDA Pro, Ghidra, OllyDBG, WinHex, HexEdit, HexDump, PeSTudio, REMux, OLEDUMP)
• Hands-on experience with Custom Signature Creation - YARA
• Scripting/Programming experience - Python, Perl, C, C++, Go
• Highly desired industry certifications include Certified Forensics Computer Examiner (CFCE), Computer Hacking Forensic Investigator (CHFI), GIAC Certified Forensic Examiner (GCFE), Certified Computer Examiner (CCE)
• Relevant industry certifications such as Certified Ethical Hacker (CEH), GIAC Reverse Engineering Malware (GREM), Certified Reverse Engineering Analyst (CREA) etc.
  
  

Additional Requirements: Must be able to pass a Fingerprint background check.