Cloud Forensics Analysts (CFA)

Arlington, Virginia, United States | May 13, 2024

Location: Arlington, VA

The DHS’s Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactively hunts for malicious cyber activity.

Node, as a prime contractor to DHS, performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches.

Node provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.

Contract personnel provide a front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.

Node is seeking Cloud Forensics Analysts (CFA) to support this critical customer mission.

The CFA is a recently identified position for the HIRT and affords ample opportunities for training and career growth within the Cloud Forensics field.

Responsibilities:

- Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements

- Triage electronic devices and assess evidentiary value

- Correlate forensic findings to network events in support of developing an intrusion narrative

- Document system state information (e.g. running processes, network connections) prior to imaging, as required

- Perform forensic triage of an incident to include determining scope, urgency and potential impact

- Document forensic analysis from initial participation through resolution

- Collect, process, preserve, analyze and present computer-related evidence

- Coordinate with Government customers to validate/investigate alerts or additional preliminary findings

- Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products

- Assist in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings

Requirements

Required Skills/Clearances:

- U.S. Citizenship

- Active TS/SCI clearance

- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability

- 5+ years of direct relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools

- Understanding of SaaS, PaaS and IaaS in the Cloud Environment

- Authoring cyber investigative reports documenting digital forensics findings

- Analyze and characterize cyber-attacks unique to the cloud

- Skilled in identifying different classes of attacks and attack stages

- Understanding of system and application security threats and vulnerabilities

- Understanding of proactive analysis of systems and networks, including creating trust levels, and understanding cloud authentication methods

- Able to work collaboratively across physical locations

- Action-oriented and have a proactive approach to problem-solving

- Proficiency with common operating systems (e.g., Linux/Unix, Windows)

Desired Skills:

- Awareness of strategies/architectures involved in implementing M365/Azure authentication

- Experience in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms

- Understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365

- Proficiency with scripting languages (e.g. Bash, Python, PowerShell, JS)

- Understanding of Azure administration, M365 administration and/or development/DevOps

Required Education:

BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 7-9 years of host or digital forensics experience.

Desired Certifications/Education:

GCLD, GCPS, GCPN, GWEB, CCSP, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, Kubernetes Security Specialist, Microsoft 365 Certifications, Microsoft Azure Certifications, AWS Certifications, SANS Cloud Courses (SEC541, SEC584, SEC588) and Certifications

Company Overview:

Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.

Our Core Values help us in our mission. They include:

OUR CORE VALUES

**Identifying the RIGHT PEOPLE and developing them to their full capabilities**

**Our customer’s “Mission” is our “Mission”. Our MISSION FIRST approach is designed to keep our customers fully engaged while becoming their trusted partner**

**We believe in SIMPLIFYING complex problems with a relentless focus on agile delivery excellence**

**Our mantra is “Simple*Secure*Speed” in the delivery of innovative services and solutions**

Benefits

  • Medical (90% Coverage for Employee)
  • Dental
  • Vision
  • Basic Life (100% Coverage for Employee)
  • Long Term Disability (100% Coverage for Employee)
  • Health Savings Account
  • 401K
  • Three weeks of PTO
  • 10 Paid Holidays
  • Pre-Approved Online Training
