What are the responsibilities and job description for the Digital Forensic Incident Response Lead Analyst - Senior Level (TS required, eligible for SCI) position at RedTrace Technologies?
SECURITY CLEARANCE REQUIREMENT: TS, WITH SCI ELIGIBILITY
Position Description:
DFIR Lead Analyst is responsible for leading the DFIR team in preventing the escalation of severe security threats and providing reports to the security team. This position utilizes tools to minimize the effects of a security breach on the computer network and performs an analysis to ensure that computer networks are clear of threats.
Roles and Responsibilities:
The ideal candidate will have experience with four or more of the items below:
GAyGOr8zCZ
- POSITION REQUIRES US CITIZENSHIP***
Position Description:
DFIR Lead Analyst is responsible for leading the DFIR team in preventing the escalation of severe security threats and providing reports to the security team. This position utilizes tools to minimize the effects of a security breach on the computer network and performs an analysis to ensure that computer networks are clear of threats.
Roles and Responsibilities:
- Conduct full range of advanced professional duties required to monitor network activity, document and report on information security issues and emerging trends
- Provide threat and vulnerability analysis
- Monitor endpoint protection/detection for anomalies using designated escalation paths for remediation
- Review and monitor Security Information and Event Management (SIEM) log data for unauthorized access and initiate investigations if necessary
- Perform malware threat hunting using industry-leading products and applications
- Participate in developing security strategies
- Have experience with forensic tools such as Magnet AXIOM, or FTK enterprise
- Have experience creating forensic images of hard drives as part of data collection and further analysis
- Perform against established operational rhythm, expectations, and standards for Security Operations Center (SOC) DFIR line of effort
- Be part of the 24x7 operations of the FBI ESOC
- Perform advance incident handling responsibilities with direct interface with ESOC management team
- Identify areas of improvement for SOC processes and tools to enhance the mission
- MUST BE A US CITIZEN
- Bachelor's degree is desired
- TS clearance (eligibility to obtain SCI and pass CI poly)
- 5 years of experience with crisis management, incident response, strategic communications, or risk management
- 5 years of experience with supporting facilitation of trainings or briefing sessions
- Adept knowledge of cybersecurity and incident response principles, crisis management and emergency management principles
- Ability to leverage available learning resources, both internal and external
- Experience with advanced Microsoft Office products
- Ability to work within a highly collaborative, fast-paced, dynamic environment
- Possession of excellent verbal and written communication skills
- Possession of excellent interpersonal skills, including client management skills
- Strong IR and Digital forensics experience, and cloud experience is preferred
The ideal candidate will have experience with four or more of the items below:
- Splunk SearchProcessing Language (SPL)
- Microsoft Defender for Endpoint (MDE)
- Microsoft Azure Sentinel
- Kusto Query Language (KQL)
- Linux Bash
- PowerShell/CMD
- Networking - intermediate level knowledge of computer networking
- Type 2 Hypervisor software such as VMware Workstation Pro, VirtualBox, Hyper-V
- Comfortable using various distributions of Linux
- Competitive salary for well qualified applicants
- 401(k) plan
- Annual performance bonus
- Certification and advanced degree attainment bonuses
- Student Loan / Tuition reimbursement
- Health Care Insurance (medical, dental, vision)
- Up to four weeks of paid vacation
- 11 Federal Holidays, and 3 Floating Holidays
- Team bonding events
GAyGOr8zCZ