What are the responsibilities and job description for the Senior Digital Forensics Incident Response Analyst position at Tyto Athene, LLC?
Tyto Athene is searching for a Senior Digital Forensics Incident Response Analyst to support our customer in Arlington, Virginia.
Responsibilities:
- Utilize state-of-the-art technologies such as EDR, SIEM, and full packet capture to perform hunt and investigative activity examining endpoint and network-based activity
- Conduct host and network forensics, log analysis, triage, and malware analysis in support of incident response
- Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
- Contribute to rule and signature creation for cybersecurity tools
- Lead IR activities and provide regular incident updates to key stakeholders and executive leadership
- Serve as the primary incident point of contact with the customer, third-party vendors, and other external parties
- Work with key stakeholders to implement remediation plans in response to incidents
- Effectively investigate and identify root causes, then communicate findings to stakeholders including technical staff and leadership
- Capture cybersecurity metrics in direct support of regular tactical and executive-level briefings (daily, weekly, monthly, quarterly, annual, and ad hoc)
- Create IR and forensics reports documenting findings, detailed analysis, recommendations, and lessons learned
- Act as a technical escalation point for SOC Watch Floor and mentor junior staff
- Author Standard Operating Procedures (SOPs) and training documentation when needed
Required:
- Bachelor's degree in Computer Science, Information Technology, or a related field and 6 years of relevant experience, or a Master's degree and 2 years
- Experience with EDR and SIEM technologies
- Advanced knowledge of TCP/IP protocols
- Knowledge of Windows and Linux operating systems
- Understanding of MITRE ATT&CK and D3FEND
- Knowledge of advanced attacker tools, techniques, and procedures (TTPs)
- Knowledge of current malware campaign TTPs
- Experience with malware analysis
- Experience with digital forensics tools and case procedures
- Experience with deep packet and log analysis
- Knowledge of enterprise architecture including zero trust principles
- Knowledge of common phishing techniques and how to investigate them
- Proficiency in technical writing
- Experience in customer service or client-facing roles
- Experience presenting and speaking to leadership
- The ability to mentor Tier 1 and Tier 2 analysts
Desired:
- Working knowledge of regex and scripting languages
- Additional relevant certifications such as those from GIAC or CompTIA
- Experience with major cloud service provider offerings
- Knowledge of offensive security tools and techniques
- Experience with cyber threat intelligence gathering and analysis
- Experience with cyber threat hunting
Clearance: Active Top Secret required. Top Secret w/ SCI eligibility preferred.
Certification: DoD 8570 IAM/IAT Level II certification. This requirement will change to the equivalent DoD 8140 certification once DISA releases its 8140 policy.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
Benefits:
- Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave