Cybersecurity Forensics Analyst (Host Based)

At phia, our goal is to hire talented and passionate team members who desire to grow their skillsets, as well as the reputation of the company with our partners, clients, and stakeholders. We love to engage with intellectually curious individuals who possess the skill sets that meet our customer’s needs.

We have an opportunity for a highly skilled Cybersecurity Forensics Analyst with expertise in host based analysis to join the security team of a government organization that is securing the nation’s infrastructure. In this position you will provide remote and onsite advanced technical assistance critical to the customer mission. Job location is in Arlington, VA with temporary telecommuting during COVID-19.

What You'll Do

• Assist with leading and coordinating forensic teams in preliminary investigations
• Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
• Distill analytic findings into executive summaries and in-depth technical reports
• Serve as technical forensics liaison to stakeholders and explain investigation details to include forensic methodologies and protocols
• Track and document on-site incident response activities and provide updates to leadership throughout the engagement
• Evaluate, extract and analyze suspected malicious code
• Acquire/collect computer artifacts (e.g., malware, user activity, link files) in support of onsite engagements
• Triage electronic devices and assess evidentiary value
• Correlate forensic findings to network events in support of developing an intrusion narrative
• Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
• Perform forensic triage of an incident to include determining scope, urgency and potential impact
• Track and document forensic analysis from initial participation through resolution
• Collect, process, preserve, analyze and present computer related evidence
• Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
• Assist in documenting and publishing Computer Network Defense (CND) guidance and reports pertaining to incident findings

Requirements

Education + Experience

• BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 7-9 years of host or digital forensics experience
• 5+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
• Ability to create forensically sound duplicates of evidence (forensic images)
• Ability to author cyber investigative reports documenting digital forensics findings
• Proficiency with analysis and characterization of cyber attacks
• Proficiency with proper evidence handing procedures and chain of custody protocols
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
• Able to work collaboratively across physical locations
• Proficiency with common operating systems (e,g, Linux/Unix, Windows)

• This position will require U.S. Citizenship
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability

Desired Certifications

• GCFA, GCFE, EnCE, CCE, CFCE, CISSP

Desired Skills

• Experience with or knowledge of two or more of the following tools: EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, Splunk, Snort, Other EDR Tools: (Crowdstrike, Carbon Black, Etc)
• Proficiency with conducting all-source research

• A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
• Intellectually curious with a genuine desire to learn and advance your career.
• An effective communicator, both verbally and in writing.
• Customer service oriented and mission focused.
• Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Benefits

COMPANY OVERVIEW:

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.