Senior Digital Forensics Incident Response Analyst

Tyto Athene is searching for a Senior Digital Forensics Incident Response Analyst to support our customer in Arlington, Virginia.

Responsibilities:

• Utilize state-of-the-art technologies such as EDR, SEIM, and full packet capture to perform hunt and investigative activity to examine endpoint and network-based activity
• Conduct host and network forensics, log analysis, triage, and malware analysis in support of incident response
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
• Contribute to rule and signature creation for cybersecurity tools
• Lead IR activities and provide regular incident updates to key stakeholders and executive leadership
• Serve as the primary incident point of contact with customer, third-party vendors, and other external parties
• Work with key stakeholders to implement remediation plans in response to incidents
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership
• Capture cybersecurity metrics in direct support to regular tactical and executive-level briefings (daily, weekly, monthly, quarterly, annual, and ad hoc)
• Create IR and forensics reports documenting findings, detailed analysis, recommendations, and lessons learned.
• Act as a technical escalation point for SOC Watch Floor and mentor junior staff
• Author Standard Operating Procedures (SOPs) and training documentation when needed

Required:

• Bachelor’s degree in computer science, Information Technology, or related field and 6 years of relevant experience or a Masters degree and 2 years
• Experience with EDR and SIEM technologies
• Advanced knowledge of TCP/IP protocols
• Knowledge of Windows and Linux operating systems
• Understanding of MITRE ATT&CK and D3FEND
• Knowledge of advanced attacker tools, techniques, and procedures (TTP)
• Current malware campaigns TTPs
• Experience with malware analysis
• Experience with digital forensics tools and case procedures
• Deep packet and log analysis
• Knowledge of enterprise architecture including zero trust principles
• Common phishing techniques and how to investigate them
• Proficiency in technical writing
• Experience in customer service or client-facing roles
• Experience presenting and speaking to leadership
• The ability to mentor Tier 1 and Tier 2 analysts

Desired:

• Working knowledge of regex and scripting languages is highly preferred
• Additional relevant certifications such as those from GIAC or CompTIA
• Experience with major cloud service provider offerings
• Knowledge of offensive security tools and techniques
• Experience with cyber threat intelligence gathering and analysis
• Experience with cyber threat hunting

Clearance: Active Top Secret required. Top Secret w/ SCI eligibility preferred.

Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.

Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave