Network Forensics Analyst

We are looking for a highly skilled Network Forensics Analyst to join our Security Operations Center (SOC). The ideal candidate will have extensive experience in digital forensics, incident response, and reverse engineering, with a solid understanding of cybersecurity tools and methodologies. This role requires a dedicated professional who can effectively respond to and mitigate security incidents in a fast-paced environment. This is a hybrid role up to three (3) days a week in Camp Springs, MD.

Responsibilities:

• Perform digital forensics using tools such as EnCase, FTK, and AXIOM.
• Utilize cybersecurity tools including FireEye, Microsoft ATA, Splunk, Exabeam, Stealthwatch, and Wireshark for incident detection and response.
• Conduct debugging using tools like OllyDbg, WinDbg, and ImmunityDbg.
• Engage in disassembling and reverse engineering using tools like IDA Pro.
• Analyze malicious code and understand various programming languages and operating systems.
• Utilize Linux/UNIX command-line interfaces and comprehend TCP/IP and networking concepts.
• Lead and support incident response activities, including containment, eradication, and recovery processes.
• Maintain detailed and accurate documentation of security incidents and forensic investigations.
• Ensure compliance with all security protocols and procedures.

Basic Qualifications:

• Must be a U.S. Citizen able to obtain an agency-specific clearance prior to starting, with the ability to attain up to a Final Top-Secret SCI Clearance.
• 2 years of experience with forensic tools such as EnCase, FTK, AXIOM, or other similar tools.
• 3 years of experience with cybersecurity tools including FireEye, Microsoft ATA, Splunk, Exabeam, Stealthwatch, and Wireshark.
• Experience with debugging tools (OllyDbg, WinDbg, ImmunityDbg) and disassembling tools (IDA Pro).
• Hands-on experience in reverse engineering.
• Strong understanding of programming languages and operating systems concepts.
• Basic familiarity with Linux/UNIX command-line interfaces, TCP/IP, and networking concepts and terminology.
• Must have at least two (2) of the following certifications: SANS GIAC (GCIA, GCFA, GCFE, GNFA, GCCC, and/or GREM), IACIS (CFCE or CIFR), Guidance Software (EnCE), or other comparable certifications or experience approved in advance by the SOC PM on a case-by-case basis.

Preferred Qualifications:

• An active Top-Secret SCI Clearance.
• 4 years of experience with forensic tools such as EnCase, FTK, AXIOM, or other similar tools.
• 5 years of experience with cybersecurity tools including FireEye, Microsoft ATA, Splunk, Exabeam, Stealthwatch, and Wireshark.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.