Linthicum Heights, MD (Hybrid)
Looking for a Digital Forensic Examiner to analyze electronic media. Using a wide variety of forensic tools, the Digital Forensic Analyst examines forensic images of servers and clients (physical and virtual) of varying operating systems to determine and extensively report on the presence of malicious activity and artifacts.
Conducts digital media investigations and operations. Examines the hard drives of computers, storage devices, cell phones, PDAs, or any electronic device that may hold evidence that could be used in a court of law. Performs forensic analysis of digital information and gathers and handles evidence. Performs a variety of forensic and electronic discovery services, including digital evidence preservation, forensic analysis, data recovery, tape recovery, electronic mail extraction, and database examination. Uses forensically sound procedures to identify network computer intrusion evidence and identifies perpetrators. Employs forensic tools and techniques to support investigation of computer fraud or other electronic crimes, crack files and system passwords, detect steganography, and recover deleted, fragmented, and corrupted data from digital media of all types. Observes proper evidence custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation, and prepares comprehensive written notes and reports. May be required to testify in federal/military court as an expert witness.
- Requires a BA/BS in Computer Science, Forensic Science or related fields with 8-10 years relevant experience; or 6-8 years’ experience with MS/MA; or 3-5 years with PhD.
- At minimum, 5+ years’ experience conducting digital forensics on varying media sources, to include disk images, host-based and/or network logs, and physical and virtual disk media within Windows and/or Linux operating system environments.
- Demonstrated experience in the field of digital media forensics using forensics tools such as: EnCase, Forensic Toolkit (FTK), and/or X-Ways.
- Experience identifying and reconstructing malicious activity to distinguish and pattern anomalous events from authorized device usage through logical and/or deleted artifact sources.
- Understanding of common cyber-attack methodologies and exploit techniques in alignment with the cyber kill-chain.
- Ability to research and apply effective indicators of compromise (IOC) to correlate vulnerabilities of known cyber-attack techniques employed during host-based exploitation.
- Familiarity with host-based security log parsing, to include Windows Events and/or Linux audit log data sources.
- Experience analyzing and parsing Windows or Linux web service logs via command-line tools and techniques to isolate the relevant audited events that were captured.
- Familiarity with client security and/or anti-virus clients’ application logs for threat detections.
- Knowledge and experience of virtual environments and network protocols and topologies.
- Understanding of NTFS and/or ext file systems with respect to their artifact source surface areas.
- Demonstrate and understand how to effectively apply investigative methodology throughout forensic examinations.
- Strong ability to work independently as well as collaboratively as part of a team, as required, in a deadline-driven environment.
- Strong writing skills, with experience producing professional report deliverables that clearly and concisely articulate relevant forensic analysis findings.
- Strong communication and professional skills when interacting with customers and team members.
- Strong ability to exercise initiative, problem-solving and critical thinking.
- Strong attention to detail required.
- Requires Top Secret/SCI clearance.
- 5+ years of experience with Windows system administration, to include Windows server and network infrastructure.
- Cloud Forensics experience.
- One or more related certifications such as the GIAC, EnCE, CFCE, CCE, CISSP, DOD.
- Knowledge of a programming or scripting language.
- Incident Response experience.
- Mobile iOS and Android device analysis.
Equal Employment Opportunity:
GovTact and Insperity provide equal employment opportunities to all employees and applicants in all company facilities without regard to race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, (or related medical conditions, including, but not limited to lactation), physical disability, mental and/or intellectual disability, age, military status or status as a Vietnam-era or special disabled veteran, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws.
This applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.