Job Title: Deployable Digital CELLEX/ MEDEX Examiners

Experience Levels: Junior - Senior

Location: Tampa, FL

Travel: Multiple OCONUS deployments per year which may include hostile fire areas

Clearance: TS/SCI

Quiet Professionals, LLC is seeking TS/SCI Cleared Deployable CELLEX/ MEDEX Examiners to work in Tampa, FL and deploy as necessary supporting USSOCOM.

Duties and Responsibilities:

• CELLEX/ MEDEX Examiners leverage deep technical knowledge, supported by a variety of commercially available, government-provided, and in-house developed digital forensic tools and techniques to exploit digital media and report findings.
CELLEX/ MEDEX Examiners conduct multiple OCONUS deployments per year which may include hostile fire areas, supporting USSOCOM.

Requirements:

• Active DoD TS/SCI security clearance
• CELLEX/ MEDEX Examiners must possess a thorough understanding of the technical fundamentals behind digital forensics as they relate to CELLEX/ MEDEX including: mobile file systems, mobile operating system internals, mobile applications, binary file formats, encryption/encoding/hashing algorithms, Wi-Fi, Bluetooth, nearfield, and cellular communication protocols and artifacts, roots/jailbreaks/vulnerabilities, bootloaders, firmware, the baseband, patches, permissions, and common locations of artifacts of interest.
• Examiners must be able to display unquestionable proficiency with the process of forensic imaging and be able to utilize a variety of tools like Cellebrite UFED4PC, Physical Analyzer, XRY, AXIOM, X-Ways, FTK Imager, Bulk Extractor, and Autopsy.
• Must be familiar with various imaging formats (DD, AFF, RAW, E01, Vendor Proprietary), imaging types (Physical, File System, Logical), hashing algorithms (MD5, SHA, etc.), and hidden disk areas like HPA/DCO.
• Must know what to do when commercial tools fail.
• Must be familiar with the principles of chain-of-custody and the use of Standard Operating Procedures (SOP)s in a reliable and repeatable manner and taking detailed notes that are courtroom ready in the event that it ever becomes necessary.
• Must be proficient in handling various types of hardware devices, cables, chargers and associated removable storage (if applicable).
• Must also be able to identify and assess damaged hardware for escalation to hardware teams without further jeopardizing recovery efforts.
• Examiners must possess a thorough understanding of the technical fundamentals behind digital forensics including file systems, operating system internals, binary file formats, encryption/encoding/hashing algorithms, and an understanding of Windows registry analysis (for Windows examinations).
• Examiners must possess a thorough understanding of both iOS and android mobile platforms to include how data is stored and can be parsed.
• Must be proficient in dismantling various types of hardware devices (desktops, laptops, game consoles, mobile devices, drones, and other enclosures or devices) in a non-descriptive manner to access the storage media that must be imaged.
• They must also be able to identify and assess damaged hardware for escalation to hardware teams without further jeopardizing recovery efforts.
• Must be willing and able to assist in the conduct of Sensitive Site Exploitation (SSE), providing the full gamut of aforementioned technical exploitation services anywhere in the world that the customer operates, be medically deployable, and willing to deploy multiple times a year OCONUS to locations that may include hostile fire areas
• 2 years of technical exploitation experience (or directly related experience). Examples of qualifying experience includes, but is not limited to, conducting digital forensic investigations, providing technical MEDEX/CELLEX/DOMEX/TECHEX services, targeted forensic software development, binary file or application reverse engineering
• Examiners must be able to conduct detailed full-scope forensic examinations without having to rely on any particular tool or set of tools.
• Must be proficient in the use of the shell and a hex editor, have a strong understanding of how SQlite databases work, understand the nuances of foreign text/language encoding methods, and be able to craft SQL statements.
• Must be familiar with all core elements of technical exploitation examinations
• Able to conduct targeted searches for information of immediate operational relevance, Large dataset analysis to include conducting foreign-language keyword searches, Advanced app and internet history analysis, Logical file and related metadata extraction, deduplication, and ranking/pruning, Deleted data recovery (carving), basic binary-level file repair, and sector-level entity extraction, The identification of encrypted files, containers, and volumes, The identification of anti-forensic practices, i.e. steganography, data hiding apps, hidden or protected messing applications, free-space wiping tools, and other generic data hiding tricks
• Have a general understanding of how mobile malware operates, be able to detect its existence, and extract relevant artifacts for escalation to Reverse Engineering teams
• Examiners must be able to act as subject matter expert-level technical resources to federated partners, internal customers, and forward-deployed elements. They must provide timely and on-demand remote support to various operational and non-operational elements in order to ensure mission success
• Examiners must be able to rapidly produce and concisely brief technically proficient triage-level, analyst targeted and deep-dive reporting products, intelligently prioritizing the depth of examination based upon current operationally imposed time constraints
• Examiners must be able to generate professional technical exploitation reports of interest to the U.S. Government (USG) and their partners, develop device, collection, and cross-collection based reports to meet mission demands
• Examiners must be willing and able to design, plan, integrate, support, and execute full-spectrum technical exploitation training and exercises
• Possess at least one active industry or DoD standard forensic certification (i.e. CCME, CCO, CCPA, CMFF, CUFO, XRY Certification, MCFE, EnCE, ACE, CCE, GIAC, CFCE, DC3/DCITA Certified Digital Forensic Examiner)
• Experience conveying highly technical information effectively and concisely to a wide range of audiences via both briefings and technical reports

Preferred:

Bachelor of Science Degree is preferred in Computer Science, Electrical Engineering, Computer Engineering, Data Science, Computer Information Systems, Math, Computer Forensics/Digital Investigations, Information Technology, Criminal Justice, Intelligence Studies, or another degree. An applicable Master of Science degree may be counted as two additional years of experience. Education requirements may be waived with additional years of relevant experience.

Quiet Professionals, LLC, (QP) is an independently owned and operated CVE-Certified Service-Disabled Veteran Owned Small Business (SDVOSB) with headquarters located in Tampa, Florida. Our goal is to provide innovative and sustainable solutions that improve operational effectiveness of our clients and partners. We have extensive knowledge and experience in a variety of areas involving Military Support, Intelligence, Information Technology and Security Operations. QP is committed to providing high quality services appropriate to the level of experience and expertise required in analyzing, planning, advising and conducting operations on a global scale.

Q uiet Professionals, LLC is proud to be an equal opportunity employer. Our team of Quiet Professionals are highly driven, innovative and results oriented. We empower our teams’ creativity, knowledge and expertise to support client needs by providing a diverse, inclusive and supportive workplace. We understand that diversity fuels innovation and powers our success.