• Collect and analyze intrusion artifacts and ensure Chain of Custody is followed.
• Conduct analysis of log files
• Assist, collect and preserve evidence found during the cyber incident and create forensically sound duplicate of the evidence to ensure the original is not unintentionally modified.
• Examine recovered data for relevance to the security incident under review.
• Perform hash comparisons, live forensics analysis, static analysis and timeline analysis
• Create and provide technical summary of findings in accordance with established reporting procedures.
• Employ an array of specialized computer investigative and data carving techniques.
• Lead/coordinate efforts to develop and improve process changes to enhance response procedures.
• Provide on-boarding training and coaching for lower-level CSIR Analysts
• Coordinate with the CSIR Team Lead, assist with CSIR planning/activities, and provide direction to the CSIR Incident Responders assigned to the exercise
Training and Experience (Specify Years and Kind)
This position is with the Cyber Incident Response Team (CSIR) within the IT/IM/IA Cyber Security (CS) Work Force Division at NAWCWD, China Lake.
Position requirements are:
• Requires a BA/BS degree in Computer Science, Information Systems Management, Mathematics, Operations Research, Statistics, Engineering or relevant technical discipline.
• SUBSTITUTION: An equivalent combination of education, technical certifications or training, or work experience.
• At least eight (8) years of computer science experience inclusive of at least one (1) year each performing as:
o A team leader or supervisor
o A computer scientist supporting cyber incident investigations
• Required Experience:
o Basic System Administration, Network, and Operating System hardening techniques.
o Analyzing IT cyber security incidents
o Resolving computer incidents and forensic investigations providing root cause analysis
o Performing packet level analysis.
o Supporting Cyber Incident/Network Investigations and using event escalation and reporting procedures
o Experience with forensics, to include cloning exposure, proper marking and handling of material and information, and understanding and use of basic system administration and incident handling tool sets (BlueCoat, HBSS, Nessus, ACAS, Disk Jockey, Wireshark, CAINE, X-Ways, etc.)
o Network monitoring, analysis, troubleshooting, and configuration control technologies
o Strong customer service, oral and written communication skills
o Chain of Custody procedures and safeguarding sensitive information.
• Current Security+, CCNA-Security, SSCP, GSEC or higher IT Security Certification is required.
• Completion of Operating System certifications (Linux, Windows 10, or Windows Server 2012) is required within six (6) months of hire date.
• U.S. Citizenship and ability to obtain a permanent U.S. DoD Secret Security Clearance required.
• A signed CSIR Team Non-Disclosure Agreement is required upon hire.
Desired Qualifications:
• Current CEH, CSIH, GCFA, or GCIH Certifications are preferred.
• Experience managing cases with enterprise SIEM and logging systems
• Experience conducting forensic media analysis and log file analysis
• Lifting and moving light to medium (10 to 40 lb) laboratory equipment
• Crawling or working in a laboratory environment (routing cables and equipment)
• Wearing special clothing/equipment, which may include, for example, safety shoes, hearing protection, and hard hat protection
• Occasional high noise level as expected in an electronic testing and technical machining laboratory
• Laboratory environment (electronic design laboratory, machine shop, computer workstation)
• Needs to work well with, co-operate, and support clients, supervisors, and co-workers
• Normal indoor and outdoor laboratory climatic conditions
• Hazardous conditions only as they pertain to the safe operation of electronic and mechanical technician related equipment
• Work site is at the Naval Base, China Lake, CA laboratories
• Need for clear, concise, accurate communication
• Punctual and reliable on the job performance
• Standard office equipment and machines. Computer workstation and operation of laboratory measurement devices.
• Tools used in the electronic and mechanical technician trade (for example: fabrication, molding, bonding, soldering, drilling, electronic measuring, wiring, and wire bundle fabrication and assembly)
• Standard laboratory electronic and mechanical test equipment
• Normal hours are Monday - Thursday 7:00am - 5:00pm, non-flex Fridays 7:00am to 4:00pm
• Punctuality and regular attendance are necessary to meet deadlines
• Regular attendance is necessary and required
• Must be able to communicate effectively
• Must demonstrate professional behavior at all times when dealing with clients, management and employees
• Grooming and dress must be appropriate for the position and must not impose a safety risk to the employee or others
• Must be able to support and work in a proactive team environment
• Must hold the safety of themselves and those around them as the number one priority in the workplace
• Current driver's license, car registration and auto insurance required
• Completion of required certifications required within six (6) months of hire date
• U.S. Citizen and ability to obtain an interim and a permanent U.S. DoD Secret Security Clearance required
• Requires the ability to possess a Government CAC Card