Digital Forensics and Incident Response (DFIR) Analyst (Principal Cyber Security Analyst) jobs in United States

Nevada National Security Sites · 6 hours ago

Digital Forensics and Incident Response (DFIR) Analyst (Principal Cyber Security Analyst)

Nevada National Security Sites is managed by Mission Support and Test Services, LLC, focusing on national security and critical infrastructure protection. The Principal Cyber Security Analyst specializing in Digital Forensics and Incident Response (DFIR) will safeguard against cyber threats and contribute to the U.S. government's national security objectives through incident response and digital forensics expertise.

Government Administration
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Monitors intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) tools, endpoint security tools, email gateways, firewalls, network infrastructure, and other appliances for security issues
Creates logical and physical forensic images of digital evidence via the network or directly from hosts
Analyzes host-based indicators of compromise or network traffic and analyzes additional log, forensic, malware, or other incident response related data, as needed
Participates as part of an incident response team to detect, respond to, contain, and remediate cyber-related threats against Information Technology (IT) assets
Seizes digital evidence in support of investigations and conducts host-based and network-based forensic analysis of digital evidence
Creates detailed reports of investigative activity for consumption by internal and external organizations, including Human Resources, the Legal Department, Information Security Officers, and local, state, and federal law enforcement
Conducts digital investigations involving breaches of Information Technology (IT) infrastructure, forensic investigations, legal and privacy issues requiring digital investigation, and network forensic investigations, handling large-scale, complex post-incident investigations where techniques such as network forensics, malware reverse engineering, log analysis, timeline creation, and host-based forensics are applied
Has a deep understanding of the high-tech investigation skills, techniques, and tools necessary for conducting live forensics on critical systems, and is able to produce a detailed analysis of the root cause of any incident
Conducts detailed analysis of systems where breaches of critical IT infrastructure may have occurred; provides root cause analysis, impact assessments, and rapid response to aid detection of those responsible; and makes recommendations to assist in preventing similar incidents
Is able to reverse engineer malware and other suspicious code and report the findings. Focuses on projects of substantial complexity and broad scope, requiring interdisciplinary coordination
Leverages practical experience to independently perform host-based forensic investigations to establish user activity on a system
Independently plans, schedules, and directs projects, guided by established objectives, budgets, and schedules
Assists in researching, compiling, and analyzing technical data
Is relied upon to multitask between responsibilities as required
Reviews Cyber Security threat information and assists with mitigating identified vulnerabilities
Develops standards, practices, and procedures, and builds technical knowledge to solve problems and complete projects
Contributes to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner. Maintains cooperative and respectful working relationships with Cyber Security staff, other divisions, and other customers

Qualification

Digital Forensics, Incident Response, Forensic Analysis, Malware Reverse Engineering, Windows OS, Network Protocols, Cyber Security Vulnerabilities, Forensic Software, Mobile Device Forensics, Communication Skills, Project Management, Team Collaboration

Required

Bachelor's degree or equivalent training and experience in a computer-related field and at least 8 years of related experience
Demonstrate a thorough understanding of advanced principles, theories, standards, practices, protocols, and procedures used in Digital Forensics and Incident Response
Understanding of the Windows operating system and command line tools, network protocols, and TCP/IP fundamentals
Understanding of the Mac operating system and command line tools
Understanding of *nix (Unix/Linux) operating systems and command line tools
Familiarity with forensic hardware, software, and systems
Ability to conduct forensic analysis of mobile devices including Android, iOS, BlackBerry, and cellular tablet devices
Understanding of file system forensics including HFS, NTFS, FAT, EXT, and CDFS
Ability to conduct forensic analysis of the Windows XP, Vista, 7, 8, 10, and 11 file systems, Mac OS X, and various *nix platforms
Knowledge of network-based services and client/server applications, familiarity with intrusion detection systems, familiarity with network architecture and security infrastructure placement
Knowledge of Cyber Security vulnerabilities, mitigation strategies, network architecture, and how to apply security controls
Ability to articulate highly technical processes and information to a non-technical audience
Ability to render credible testimony in a court of law
Demonstrated skill and ability in the use of forensic software and hardware as well as other forensic equipment
Experience working in computer forensics and related fields, including support for investigations relating to IT systems used in fraud, internal code of conduct violations, privacy, legal, and compliance-related events
Experience working with a broad variety of computer forensic hardware and software (preferably familiar with EnCase, FTK, and other forensic suites) and incident investigation tools and techniques
Ability to investigate large data compromise events in order to mitigate their risk, and to investigate insider threats and incidents
Knowledge of computer forensic best practices and industry standard methodologies for responding to network threats
Ability to conduct online investigations and gather intelligence
Ability to understand policies, laws, regulations, and other directives
Ability to maintain strict confidentiality
Ability to communicate effectively in English, both verbally and in writing, sufficient to communicate with coworkers and customers, testify, write clear and concise reports, and collect information
Ability to use multiple electronic devices including standard office machines, cellular phones, and security appliances
Ability to meet the physical requirements necessary to safely and effectively perform all assigned duties
The primary work location will be at the Losee Road facility located in North Las Vegas, Nevada. Work at the Nevada National Security Site (located 65 miles northwest of Las Vegas, Nevada) may be required to support work
Work schedule will be 4/10s, Monday through Thursday (subject to change)
Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing
Must possess a valid driver's license
MSTS is required by DOE directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications
Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance
Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment
In addition, applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship and being at least 18 years of age
Reference DOE Order 472.2, 'Personnel Security'
If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted

Preferred

AccessData Certified Examiner (ACE)
Certified Forensic Computer Examiner (CFCE)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
Certified Electronic Evidence Collection Specialist (CEECS)
Certified Computer Examiner (CCE)
EnCase Certified Examiner (EnCE)
GIAC Certified Forensic Examiner (GCFE)
GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)

Benefits

Medical, dental, and vision
Both a pension and a 401k
Paid time off and 96 hours of paid holidays
Relocation (if located more than 75 miles from work location)
Tuition assistance and reimbursement

Company

Nevada National Security Sites

The Nevada National Security Sites help ensure the security of the United States and its allies by: supporting the stewardship of the nation’s nuclear deterrent; providing nuclear and radiological emergency response capabilities and training; contributing to key nonproliferation and arms control initiatives; executing national-level experiments in support of the National Laboratories; working with national security customers and other federal agencies on important national security activities; and providing long-term environmental stewardship of the NNSS’s Cold War legacy.

Funding

Current Stage
Late Stage

Leadership Team

Melissa Biernacinski
Action Officer, Government/Customer Relations and Strategic Partnerships