Gray Tier Technologies

Host Based Systems Analyst

Full-Time in Arlington, VA - Senior

Core Competencies:

  • Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
  • Follows proper evidence handling procedures and chain of custody protocols
  • Produces written reports documenting digital forensic findings
  • Determines programs that have been executed, finds files that have been changed on disk and in memory
  • Uses timestamps and logs (host and network) to develop authoritative timelines of activity
  • Finds evidence of deleted files and hidden data
  • Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
  • Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
  • Performs all-source research for similar or related network events or incidents
  • Skill in identifying different classes of attacks and attack stages
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources

Requirements

  • (7-9 years host investigations or digital forensics experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience)
  • Proficiency level III includes all skills defined at level II in addition to the following:
  • Assists with leading and coordinating forensic teams in preliminary investigation
  • Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
  • Distills analytic findings into executive summaries and in-depth technical reports
  • Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
  • Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
  • Evaluates, extracts and analyzes suspected malicious code