Digital Forensics Analyst/Incident Responder
Vacancy expired!
About DMI

DMI (Digital Management, LLC.) is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise-grade solutions since 2002 for over a hundred Fortune 1000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,000+ employees globally and has been continually recognized by top industry analysts as a market leader, as well as a Top Place to Work by the Washington Post.

About the Opportunity

DMI (Digital Management, LLC.) is looking for a Digital Forensics Analyst/Incident Responder. The role will work closely with Government counterparts to provide support in cybersecurity incident response, mitigation, analysis, and information dissemination; provide Tier 3 analyst support and systems and network forensic investigation support for Security Operations Center (SOC) activities; and work as a technical leader within the State of Maryland DoIT SOC, responsible for maintaining the integrity of the cybersecurity-related analysis. This role will be responsible for performing the following tasks:

Duties and Responsibilities:

- Report to the Director of Security Operations or his/her designee
- Provide SOC Analyst Tier 3 escalation support
- Plan, initiate, and conduct investigations for cybersecurity incident response efforts
- Perform forensic examinations on compromised systems
- Understand and use forensic tools and techniques for cybersecurity incidents
- Create forensic root cause and scope of impact analysis reports
- Contribute to technical briefings on the details of forensic exams and reports
- Provide support in conducting malware analysis of attacker tools
- Stay current on incident response and digital forensics skills, best practices, and tools
- Train SOC analysts on usage of SIEM tools (Splunk), and basic event analysis
- Develop rules and tune SIEM and related tools to streamline the event analysis done by the SOC
- Assist in developing new processes and procedures for SOC monitoring
- Monitor networks for threats from external and internal sources
- Analyze network traffic of compromised systems and networks
- Correlate actionable security events from various sources
- Review threat data and develop custom detection signatures
- Gather and analyze threat intelligence data and conduct threat hunting
- Understand cybersecurity attacks and tactics, techniques, and procedures (TTPs) associated with advanced threats
- Communicate clearly with Government counterparts, and SOC customers
- Develop and implement operational and technical incident response processes, procedures, guidance, and standards
- Ability to work outside of regular business hours; the role may require on-call support after regular business hours or on weekends
- Bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline and 4+ years of experience. Associate degree and/or cyber courses/certifications or 5 years of experience in directly related fields may be substituted in lieu of bachelor's degree
- Hands-on experience with security monitoring and SIEM tools - Splunk Enterprise Security is preferred
- Demonstrated working knowledge of cyber forensics and incident handling best practice processes, procedures, standards, and techniques
- Hands-on experience with forensic image capture tools, e.g., FTK Imager, Magnet ACQUIRE
- Hands-on experience with system image/file system/registry forensics tools, e.g., EnCase, FTK, X-Ways, Magnet AXIOM, Sleuthkit, AccessData Registry Viewer, Registry Recon, or other
- Hands-on experience with PCAP analysis tools, e.g., Wireshark, tcpdump, NetworkMiner, Xplico, or other
- Hands-on experience with memory forensics tools, e.g., BlackLight, Volatility, SANS SIFT, Magnet RAM Capture, FireEye Memoryze, or CrowdStrike CrowdResponse
- Hands-on experience with Endpoint Detection & Response solutions - Tanium Threat Response, McAfee or other
- Practical hands-on experience with static malware analysis
- Hands-on experience with malware anti-forensics, obfuscation, packing techniques
- Hands-on experience with malware analysis - miscellaneous dynamic and static analysis tools (IDA Pro, Ghidra, OllyDbg, WinHex, HexEdit, hexdump, PeStudio, REMnux, oledump)
- Hands-on experience with Custom Signature Creation - YARA
- Scripting/programming experience - Python, Perl, C, Go
- Highly desired industry certifications include Certified Forensics Computer Examiner (CFCE), Computer Hacking Forensic Investigator (CHFI), GIAC Certified Forensic Examiner (GCFE), Certified Computer Examiner (CCE)
- Relevant industry certifications such as Certified Ethical Hacker (CEH), GIAC Reverse Engineering Malware (GREM), Certified Reverse Engineering Analyst (CREA) etc.
- Community - Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community.
- Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel and many other items to provide convenience.
- Development - Annual performance management, continuing education and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
- Financial - Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
- Recognition - Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgement through Give-A-Wow, employee referral bonuses.
- Wellness - Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, on-site lactation rooms provide employees with several wellness options.