Forensics Analyst

Merrifield, Virginia, United States

Applications have closed

At phia, our goal is to hire talented and passionate team members who desire to grow their skillsets, as well as the reputation of the company with our partners, clients, and stakeholders. We are seeking an experienced Forensics Analyst. This job is located in Merrifield, VA with some remote capability during the pandemic at the discretion of the customer. Preferred candidates will live within a commutable distance to this locations.

This support contract provides a broad range of cyber services to all components under the CISO including cyber operations, cyber risk, security engineering and digital integration departments. The client’s enterprise consists of over 600,000 employees, 500,000 devices, 200,000 enterprise email accounts, 200,000 endpoints, 800 firewall sets, and 640+ URLs of which 350 require web application firewall protection.

What You'll Do

  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverage tools including Splunk, Tanium, FireEye suite as part of duties performing cyber incident response analysis.
  • Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform deep dive analysis (manual and automated) of malicious links and files.
  • Analyze malicious activity to determine tactics, techniques, and procedures used
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation. Handle major, high impact incidents with the ability to generate clear, concise recommendations and coordinate activities and professional communications across a range of stakeholders.

Requirements

Education + Experience

  • 5+ years’ experience with incident response and Cybersecurity forensics
  • Experience with host level scripting, e.g. Powershell.
  • Experience with conducting threat hunts using and adhering to the MITRE ATT&CK framework.
  • Able to conduct network analysis to determine root cause and impact of security incident.
  • Knowledge of exploit kits and adversary techniques.
  • Experience and knowledge to investigate suspicious activity and identify indicators of compromise
  • Experience with analysis software (i.e. EnCase)
  • Experience with memory analysis
  • Experience in working with one or more Cloud Platforms
  • Familiarity with cybersecurity operation center functions

Preferred

Strong Working Knowledge of :

  • Security Information and Event Management (SIEM) systems
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Network and Host malware detection and prevention
  • Network and Host forensic applications
  • Web/Email gateway security technologies
  • Sysmon
  • Log aggregation tools
  • Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
  • Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
  • Demonstrated solid planning and organizational skills
  • Demonstrated experience working independently and as part of a team

Security Clearance Requirements

  • Ability to obtain Public Trust (or higher) government clearance. Active USPS Sensitive clearance preferred.

Who You Are

  • A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
  • Intellectually curious with a genuine desire to learn and advance your career.
  • An effective communicator, both verbally and in writing.
  • Customer service-oriented and mission-focused.
  • Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

IMPORTANT: This position is subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19. As a condition of employment, the successful candidate will be required to provide proof of full COVID-19 vaccination prior to commencing employment. Prospective or new employees who are unable to be vaccinated due to medical reasons or a sincerely held religious belief may request a reasonable accommodation. This request must be approved prior to the start of employment to the extent a reasonable accommodation is available that does not pose an undue hardship on phia or a direct threat to the candidate or phia’s employees.

Benefits

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

Job region(s): North America
Job stats:  13  0  0

Explore more Information Security career opportunities