Cyber Defense Forensics Analysts - Mid

ECS Federal LLC

DC

JOB DETAILS
SALARY
$102,600–$117,500 Per Year
LOCATION
DC
POSTED
30+ days ago

Everforth ECS is seeking a Cyber Defense Forensics Analyst - Mid to work in our Washington, DC office.

Position Summary:

ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a mid-level Cyber Defense Forensics Analyst to support a full range of cyber security services on a long-term contract in Washington, DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Security Clearance Requirement:

  • Active Secret clearance

Job Requirements:

  • Strong written and verbal communication skills.
  • Create detections and automation to detect, contain, eradicate, and recover from security threats.
  • Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
  • Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
  • Conduct proactive hunts through enterprise networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
  • Solid knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
  • Solid understanding of attacker tradecraft associated with email, app-based, and cloud threats, and the ability to apply defensive tactics to protect against those threats.
  • Good knowledge of operating system internals and OS security mitigations, and an understanding of security challenges on Windows, Linux, Mac, Android, and iOS platforms.
  • Experience using forensic tools (e.g., EnCase, Sleuth Kit, FTK).
  • Ability to perform deep analysis of captured malicious code (e.g., malware forensics).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting, and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.

Certifications/Licenses:

  • Bachelor's degree or higher
  • 5+ years performing cyber threat hunting and forensics support for incident response.
  • Certifications addressing identification of malicious system and user activity, incident response in an enterprise environment, timeline artifact analysis, timeline collection, timeline processing, volatile data collection, analysis of profiling of systems and devices, analysis of file and program activity, acquisition, preparation, and preservation of digital evidence, analysis of user communications, advanced IDS concepts, application protocols, concepts of TCP/IP and the link layer, DNS, fragmentation, IDS fundamentals and initial deployment (e.g., Snort, Bro), IDS rules (e.g., Snort, Bro), IPv6, network architecture and event correlation, network traffic analysis and forensics, or packet engineering.
  • Active Secret clearance or higher

Salary Range: $102,600 - $117,500

General Description of Benefits

About the Company

ECS Federal LLC

ECS was founded in 2001 by experienced IT professionals with a commitment to quality processes, people and performance. Led by our Chairman, Roy Kapani, and an experienced executive leadership team, ECS provides our customers with solutions and services that support their critical needs and further mission objectives. This commitment has paved the way for expansive growth, year over year.

ECS gained market share in 2011 in the Department of Defense and Federal spaces through both organic and acquisition growth. In May, ECS completed its first strategic acquisition with the purchase of OAK Management, Inc., a leading provider of marine environmental services, ship systems engineering, maritime consulting and platform acquisition management. The OAK acquisition kicked off ECS’ intention to add tactical acquisitions as a part of its long-term strategy to supplement and expand upon organic growth and to build enterprise value. ECS closed out 2011 with the acquisition of Paradigm Technologies, Inc. The Paradigm transaction added approximately 200 employees to ECS’ existing 900+ employees. Paradigm also added new Defense clients for ECS, including the Missile Defense Agency, the Navy’s Program Executive Officer for Integrated Warfare Systems, the United States Marine Corps, and the U.S. Marshals Service.

In 2012, ECS completed the acquisition of iLuMinA Solutions, Inc. iLuMinA brings large-scale Enterprise Resource Planning (ERP) software implementation and infrastructure design and development to ECS’ expanding capabilities.

ECS will continue to invest in corporate infrastructure and quality processes as we grow and enhance our ability to offer professional excellence to both our customers and our employees.

COMPANY SIZE
50 to 99 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
2000
WEBSITE
http://www.ecs-federal.com/