Arlington, Virginia, United States • May 13, 2024
Cloud Forensics Analysts (CFA)
Location: Arlington, VA
The DHS’s Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactively hunts for malicious cyber activity.
Node, as a prime contractor to DHS, performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches.
Node provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.
Contract personnel provide a front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.
Node is seeking Cloud Forensics Analysts (CFA) to support this critical customer mission.
The CFA is a recently identified position for the HIRT and affords ample opportunities for training and career growth within the Cloud Forensics field.
Responsibilities:
- Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
- Triage electronic devices and assess evidentiary value
- Correlate forensic findings to network events in support of developing an intrusion narrative
- Document system state information (e.g., running processes, network connections) prior to imaging, as required
- Perform forensic triage of an incident to include determining scope, urgency and potential impact
- Document forensic analysis from initial participation through resolution
- Collect, process, preserve, analyze and present computer-related evidence
- Coordinate with Government customers to validate/investigate alerts or additional preliminary findings
- Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products
- Assist in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings
Requirements
Required Skills/Clearances:
- U.S. Citizenship
- Active TS/SCI clearance
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 5+ years of direct relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
- Understanding of SaaS, PaaS and IaaS in the Cloud Environment
- Authoring cyber investigative reports documenting digital forensics findings
- Analyze and characterize cyber-attacks unique to the cloud
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, including creating trust levels, and understanding cloud authentication methods
- Able to work collaboratively across physical locations
- Action-oriented, with a proactive approach to problem-solving
- Proficiency with common operating systems (e.g., Linux/Unix, Windows)
Desired Skills:
- Awareness of strategies/architectures involved in implementing M365/Azure authentication
- Experience in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms
- Understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365
- Proficiency with scripting languages (e.g., Bash, Python, PowerShell, JS)
- Understanding of Azure administration, M365 administration and/or development/DevOps
Required Education:
BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 7-9 years of host or digital forensics experience.
Desired Certifications/Education:
GCLD, GCPS, GCPN, GWEB, CCSP, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, Kubernetes Security Specialist, Microsoft 365 Certifications, Microsoft Azure Certifications, AWS Certifications, SANS Cloud Courses (SEC541, SEC584, SEC588) and Certifications
Company Overview:
Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.
Our Core Values help us in our mission. They include:
OUR CORE VALUES
**Identifying the RIGHT PEOPLE and developing them to their full capabilities**
**Our customer’s “Mission” is our “Mission”. Our MISSION FIRST approach is designed to keep our customers fully engaged while becoming their trusted partner**
**We believe in SIMPLIFYING complex problems with a relentless focus on agile delivery excellence**
**Our mantra is “Simple\*Secure\*Speed” in the delivery of innovative services and solutions**
Benefits