Host Based Systems Analyst - Gray Tier Technologies
Arlington, VA
About the Job
Core Competencies:
- Uses leading-edge technology and industry-standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
- Follows proper evidence handling procedures and chain of custody protocols
- Produces written reports documenting digital forensic findings
- Determines programs that have been executed, finds files that have been changed on disk and in memory
- Uses timestamps and logs (host and network) to develop authoritative timelines of activity
- Finds evidence of deleted files and hidden data
- Identifies and documents case-relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
- Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
- Performs all-source research for similar or related network events or incidents
- Skill in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources
Requirements
- 7-9 years of host investigations or digital forensics experience with a high school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or a related discipline, with 5-7 years of host-based investigations or digital forensics experience
- Proficiency level III includes all skills defined at level II in addition to the following:
- Assists with leading and coordinating forensic teams in preliminary investigation
- Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer-related evidence
- Distills analytic findings into executive summaries and in-depth technical reports
- Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
- Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
- Evaluates, extracts and analyzes suspected malicious code
Source: Gray Tier Technologies