Cyber Defense Forensics Analyst Senior

LTS Inc.

Washington (District of Columbia)

On-site

USD 80,000 - 120,000

Full time

30+ days ago

Job summary

An established industry player is looking for a skilled Cyber Defense Forensics Analyst Senior to join their team. This pivotal role involves utilizing advanced forensic techniques to detect and mitigate cyber threats, ensuring the security of critical information. The analyst will engage in hypothesis-driven investigations, analyze complex data sets, and collaborate with various security teams to fortify defenses against potential intrusions. With a focus on compliance and best practices, this position offers a unique opportunity to contribute significantly to national cybersecurity efforts. If you are passionate about digital forensics and cybersecurity, this role is perfect for you.

Qualifications

  • 7+ years of experience in cybersecurity and digital forensics.
  • Expertise in forensic tools and techniques for data carving and analysis.

Responsibilities

  • Perform hypothesis-based cyber threat hunts and analyze large datasets.
  • Conduct forensic evidence collection and ensure compliance with federal rules.

Skills

Cybersecurity
Digital Forensics
Incident Response
Threat Detection
Data Analysis
Agile Methodologies
Communication Skills

Education

Bachelor's degree in Cybersecurity
Master's degree in Cybersecurity

Tools

Forensic Tool Kit (FTK)
EnCase
Volatility
Azure Threat Research Matrix

Job description

LTS is seeking an experienced Cyber Defense Forensics Analyst Senior to support the program with the Department of Commerce. This role involves applying advanced forensic techniques and methodologies to detect, analyze, and mitigate threats. The analyst will perform hypothesis-based and intelligence-based cyber threat hunts, analyze large data sets, identify novel attack techniques, and work closely with other security teams to defend against potential intrusions. The position requires expertise in forensic evidence collection, intrusion analysis, and reporting to ensure that all cyber incidents are managed effectively and in accordance with federal rules and best practices. This position is contingent on award and requires 100% on-site in Washington D.C.

Responsibilities:

  1. Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
  2. Perform Hypothesis-based or Intelligence-based Cyber Threat Hunts to identify threats and risks within environments.
  3. Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
  4. Use Agile methodology to organize intelligence, hunts and project status.
  5. Independently research intelligence reports to find actionable data for conducting intelligence-based or hypothesis-based hunts.
  6. Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
  7. Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
  8. Confirm what is known about an intrusion and, where possible, discover new information after the intrusion has been identified via dynamic analysis.
  9. Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes.
  10. Provide a technical summary of findings in accordance with established reporting procedures.
  11. Ensure that the chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
  12. Recognize and accurately report forensic artifacts indicative of a particular operating system.
  13. Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
  14. Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Required Skills, Experience & Qualifications:

  1. Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required. Master’s degree is preferred.
  2. A minimum of 7 years of experience in cybersecurity, digital forensics, incident response or a related field is required.
  3. Must be a U.S. citizen.
  4. Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), Certified Information Systems Security Professional (CISSP), or other relevant certifications in digital forensics or cybersecurity are required. GIAC Cyber Threat Intelligence (GCTI), GIAC Network Forensics (GNFA), or similar certifications are a plus.
  5. In-depth knowledge of cyber forensics and incident investigation techniques, with practical experience using forensic tools such as FTK, EnCase, and Volatility.
  6. Proficient in threat detection, analysis of malware, and use of advanced threat intelligence platforms.
  7. Expertise in forensic tools and techniques for data carving and analysis, including FTK, Foremost, and other digital forensics tools.
  8. Knowledge of the MITRE ATT&CK Framework and Azure Threat Research Matrix (ATRM) to identify and analyze threat actors, tactics, and techniques.
  9. Experience with cloud-native security practices and tools for threat detection and hunting in cloud environments.
  10. Ability to work with large datasets, perform data correlation, and identify patterns indicative of security threats or intrusions.
  11. Proficiency in using Agile methodologies to organize and manage tasks, track progress, and ensure timely delivery of threat intelligence and forensic analysis reports.
  12. Excellent written and verbal communication skills, with the ability to clearly document findings, communicate technical issues, and present complex data to both technical and non-technical stakeholders.
  13. Experience working within the federal government or a similar public-sector environment, with a focus on cybersecurity operations or digital forensics.

LTS is committed to offering eligible employees comprehensive benefits that will provide them with options intended to meet their needs and the needs of their family.

LTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
