Enable job alerts via email!

Malware and Forensic Analyst (Senior)

cFocus Software Incorporated

Washington (District of Columbia)

On-site

USD 103,000 - 191,000

Full time

30+ days ago

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

An established industry player is looking for a Senior Malware and Forensic Analyst to join their team supporting US Courts in Washington, DC. In this pivotal role, you will utilize your extensive experience in forensic analysis and malware investigation to assist in understanding and mitigating cyber threats. Your expertise with advanced forensic tools will be crucial in delivering comprehensive incident reports and ensuring the integrity of digital evidence. This position offers a unique opportunity to contribute to the security of the Judicial Branch of Government while working in a collaborative and dynamic environment.

Qualifications

  • 5 years of experience analyzing forensic artifacts and identifying intrusion root causes.
  • Ability to perform malware analysis and create evidence duplicates.
  • Experience with various forensic tools and incident response.

Responsibilities

  • Provide digital forensics and incident response support to the AOUSC Security Operations Center.
  • Analyze forensic artifacts to identify intrusion elements and root causes.
  • Perform live forensic analysis based on SIEM data.

Skills

Forensic Analysis
Malware Analysis
Data Carving Techniques
Incident Response
Filesystem Timeline Analysis
Static and Dynamic Analysis

Education

GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
EnCase Certified Examiner

Tools

Magnet AXIOM
SANS SIFT Workstation
Encase
Velociraptor
KAPE
Cellebrite
Splunk

Job description

1 month ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC.

Required Qualifications include:

  • 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS)
  • 5 years of experience utilizing the following forensics tools :
    • Magnet AXIOM to acquire, analyze, and report on digital evidence;
    • SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis;
    • Encase to collect, analyze, and report on digital evidence;
    • Velociraptor to collect and analyze data from multiple endpoints;
    • KAPE (Eric Zimmerman’s tools) to collect and process files;
    • SUMURI TALINO Workstations/Laptops
    • Cellebrite
    • Bi-Weekly Threat Assessment Reports (BTARs)
  • Must have ability to perform required forensics/malware analyst duties, including:
    • Create duplicates of evidence that ensure the original evidence is not unintentionally modified;
    • Extracting deleted data using data carving techniques
    • Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)
  • Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
Desired Qualifications include:
  • One of the following certifications:
    • GIAC Certified Intrusion Analyst (GCIA)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Continuous Monitoring (GMON)
    • GIAC Defending Advanced Threats (GDAT)
    • Splunk Core Power User
    • EnCase Certified Examiner
    • Sans GCFA
    • Volatility Certified
Duties:
  • Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing for informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR). IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
  • Perform live forensic analysis based on SIEM data (e.g., Splunk).
  • Perform filesystem timeline analysis for inclusion in forensic report.
  • Extract deleted data using data carving techniques.
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report.
  • Additional forensics/malware analysis activities may include:
    • Perform efficient and prioritized identification of cyber security threats and incidents with an emphasis on clear articulation of the potential threat(s) and actualized risks associated with such threats and incidents.
    • Objectively measure reduction of adversary dwell time within judicial networks.
    • Perform comprehensive analysis of security incidents for identification of root cause in support of detection improvements and risk mitigations.
Deliverables:
  • Image Duplication: Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM (Heat or Service Now)
  • Deleted Files: Deleted files supplied to requestor.
  • Advanced SME IR Reports : Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365).
  • Incident Reports : All forensic reports include a timeline. The timeline includes network, endpoint, and application events (if available). The report contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
  • Forensic Reports: Document the results of a forensic investigation. Report will include a table of contents, executive summary, timeline of events, and a conclusion.
  • Malware Analysis Reports: Document the results of analyzing a specific malware specimen. Report shall include a table of contents, executive summary, technical details, indication of persistence mechanisms and a conclusion.
  • Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on.
  • Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases.

Seniority level
  • Seniority level
    Mid-Senior level
Employment type
  • Employment type
    Full-time
Job function
  • Job function
    Other, Information Technology, and Management
  • Industries
    Financial Services, Software Development, and Technology, Information and Internet

Referrals increase your chances of interviewing at cFocus Software Incorporated by 2x

Sign in to set job alerts for “Forensic Analyst” roles.
Security Computer & Forensics Investigator
Computer Forensic & Intrusion Analyst-SME
Government and Public Sector - Cybersecurity - Defense Responder - Senior Consultant

McLean, VA $103,800.00-$190,300.00 1 week ago

Senior Scientist (Forensic/Analytical Chemist) - CBP (Onsite)

Washington, DC $63,093.33-$85,626.66 3 months ago

Arlington, VA $63,093.33-$85,626.66 3 months ago

Arlington, VA $63,093.33-$85,626.66 3 months ago

Host Forensic Analyst/Host Based Systems Analyst

Tysons Corner, VA $63,093.33-$85,626.66 3 months ago

Rockville, MD $63,093.33-$85,626.66 3 months ago

Tysons Corner, VA $135,000.00-$165,000.00 2 months ago

Host Forensics Analysts/Host Based Systems Analyst
Digital Forensic Analyst (TS/SCI)- Senior & Mid

Washington, DC $81,120.00-$117,173.33 6 months ago

Rockville, MD $81,120.00-$117,173.33 6 months ago

Arlington, VA $81,120.00-$117,173.33 6 months ago

Arlington, VA $81,120.00-$117,173.33 6 months ago

Tysons Corner, VA $81,120.00-$117,173.33 6 months ago

District of Columbia, United States 4 months ago

Arlington, VA $126,100.00-$227,950.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.

Similar jobs

Malware and Forensic Analyst (Senior)

cFocus Software Incorporated

Washington

Remote

USD 80.000 - 120.000

30+ days ago

Mobile Threat Detection (MTD) Analyst - Senior

Cayuse Holdings

Washington

On-site

USD 135.000 - 170.000

Today
Be an early applicant

Senior SOC Analyst/Lead @ ECS

Cyber Crime

Mississippi

Remote

USD 90.000 - 130.000

4 days ago
Be an early applicant

Cyber Incident Response and Forensic Analyst (Senior)

cFocus Software Incorporated

Washington

Remote

USD 80.000 - 110.000

30+ days ago

Cyber Defense Forensics Analyst Senior

LTS Inc.

Washington

On-site

USD 80.000 - 120.000

30+ days ago

Cyber Defense Forensics Analyst Senior

LTS Inc.

Washington

On-site

USD 80.000 - 130.000

30+ days ago

Cybersecurity Senior Analyst (SecOps)

Webster Bank

Southington

On-site

USD 115.000 - 130.000

30+ days ago