Enable job alerts via email!

Senior Cyber Defense Forensics Analyst

LTS

Washington (District of Columbia)

On-site

USD 80,000 - 130,000

Full time

30+ days ago

Generate a tailored resume in minutes

Land an interview and earn more. Learn more

Start fresh or import an existing resume

Job summary

An established industry player is seeking a skilled Cyber Defense Forensics Analyst Senior to join their team. This vital role involves applying advanced forensic techniques to detect and mitigate cyber threats, ensuring all incidents are managed effectively. The successful candidate will perform in-depth analysis of data and logs, conduct threat hunts, and collaborate with security teams to enhance defenses. With a focus on forensic evidence collection and incident response, this position offers a unique opportunity to contribute to national security efforts. If you are passionate about cybersecurity and ready to make an impact, this role is for you.

Qualifications

  • 7+ years of experience in cybersecurity and digital forensics required.
  • Knowledge of MITRE ATT&CK Framework and cloud-native security practices.

Responsibilities

  • Conduct hypothesis-based cyber threat hunts to identify risks.
  • Analyze large data sets for novel attack techniques and incidents.

Skills

Cybersecurity
Digital Forensics
Incident Response
Threat Detection
Data Analysis
Communication Skills
Agile Methodology

Education

Bachelor’s degree in Cybersecurity, IT, or related field
Master’s degree in Cybersecurity, IT, or related field

Tools

Forensic Tool Kit (FTK)
EnCase
Volatility
Azure Threat Research Matrix (ATRM)

Job description

LTS is seeking an experienced Cyber Defense Forensics Analyst Senior to support the program with the Department of Commerce. This role involves applying advanced forensic techniques and methodologies to detect, analyze, and mitigate threats. The analyst will perform hypothesis-based and intelligence-based cyber threat hunts, analyze large data sets, identify novel attack techniques, and work closely with other security teams to defend against potential intrusions. The position requires expertise in forensic evidence collection, intrusion analysis, and reporting to ensure that all cyber incidents are managed effectively and in accordance with federal rules and best practices. This position is contingent on award and requires 100% on-site in Washington D.C.

Responsibilities:

  1. Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
  2. Perform Hypothesis-based or Intelligence-based Cyber Threat Hunts to identify threats and risks within environments.
  3. Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
  4. Use Agile methodology to organize intelligence, hunts and project status.
  5. Able to independently research intelligence reports to find actionable data for conducting intel or hypothesis-based hunts.
  6. Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
  7. Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
  8. Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
  9. Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes.
  10. Provide a technical summary of findings in accordance with established reporting procedures.
  11. Ensure that the chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
  12. Recognize and accurately report forensic artifacts indicative of a particular operating system.
  13. Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
  14. Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Required Skills, Experience & Qualifications:

  1. Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required. Master’s degree is preferred.
  2. A minimum of 7 years of experience in cybersecurity, digital forensics, incident response or a related field is required.
  3. Must be a U.S. citizen.
  4. Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), Certified Information Systems Security Professional (CISSP), or other relevant certifications in digital forensics or cybersecurity are required. GIAC Cyber Threat Intelligence (GCTI), GIAC Network Forensics (GNFA), or similar certifications are a plus.
  5. In-depth knowledge of cyber forensics and incident investigation techniques, with practical experience using forensic tools such as FTK, EnCase, and Volatility.
  6. Proficient in threat detection, analysis of malware, and use of advanced threat intelligence platforms.
  7. Expertise in forensic tools and techniques for data carving and analysis, including FTK, Foremost, and other digital forensics tools.
  8. Knowledge of the MITRE ATT&CK Framework and Azure Threat Research Matrix (ATRM) to identify and analyze threat actors, tactics, and techniques.
  9. Experience with cloud-native security practices and tools for threat detection and hunting in cloud environments.
  10. Ability to work with large datasets, perform data correlation, and identify patterns indicative of security threats or intrusions.
  11. Proficiency in using Agile methodologies to organize and manage tasks, track progress, and ensure timely delivery of threat intelligence and forensic analysis reports.
  12. Excellent written and verbal communication skills, with the ability to clearly document findings, communicate technical issues, and present complex data to both technical and non-technical stakeholders.
  13. Experience working within the federal government or a similar public-sector environment, with a focus on cybersecurity operations or digital forensics.

LTS is committed to offering eligible employees comprehensive benefits that will provide them with options intended to meet their needs and the needs of their family.

LTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.