Cyber Defense Forensics Lead

ACTIVITIES & RESPONSIBILITIES

Provide support to the Cyber Defense Forensic team in support of Insider Threat Operations and Security Operations according to established policies, handbooks, and Standard Operating Procedures (SOPs). This support includes monitoring activities, conducting threat analysis, investigating policy violations, identifying mitigation and / or remediation courses of action, and assessing risk posed by trusted insiders. Support the Cyber Defense Forensics and Insider Threat investigations through near real- time (when possible, based on tools) monitoring of the Data Loss Prevention (DLP) solutions and other applicable tools. Provide recommendations for Information Spillage Incident Response efforts on handling and sanitization methods pursuant to industry best practices, NIST 800-88 recommendations, and Federal guidelines. Conduct enterprise and individual system(s) endpoint (e.g., Windows, Linux, Mac, and Cloud systems) and network based digital forensic analysis in support of Cyber Defense Forensics or Insider Threat investigations. Leverage commercially available and open-source forensic tools to efficiently perform forensic analysis. Assist with maintaining Forensics lab equipment. Assist with conducting formal digital forensic investigations and document findings in formal investigation reports. Assist with performing email hygiene activities. Support enterprise recovery efforts as necessary to ensure that security events and incidents are properly remediated prior to reconstitution. Make recommendations on the implementation of new tools and technologies that will enhance or generally improve SOC functions and capabilities.

SKILLS

• The ability to create insider threat focused dashboards, reports and workflow diagrams.
• Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data.
• Experience with ad hoc training to junior members in a collaborative environment.
• Experience with cloud- based security technologies, architecture, and computing and searching, monitoring, and analyzing machine-generated big data is preferred.
• Creating and escalating cases via ticket management system
• Answer and respond to security events reported via external and /or internal parties via phone calls and group mailboxes.
• Performing static and dynamic file analysis to identify malware characteristics, intent, and origin.
• Conducting malware analysis and providing Malware Analysis Reports.
• Providing requirements, playbooks, and workflows to support automation of Cyber Defense Forensics tasks.
• Make recommendations for Zero Trust readiness and architecture for Cyber Defense Forensics (CDF) assigned tasks and pillars.

REQUIRED QUALIFICATIONS

• Clearance requirement: Top Secret (SCI eligible)
• Experience: Minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats and information security
• Education: Bachelor’s of Science in computer engineering, computer science, IT or cyber security preferred (or 5 years of relevant work experience in lieu of a degree)
• A minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network-based security monitoring, identifying and analyzing anomalous activities with familiarity in insider threat monitoring software, host-based forensic tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, security operations ticket management.

We are seeking an experienced Cyber Defense Forensics Lead in support of a government customer to join our team to provide Security Operations Support (SOC) Services to a government agency whose mission is to protect our Nation’s borders from terrorist attacks, to provide law enforcement for over forty (40) Federal agencies, and to protect the revenue of the United States while facilitating trade. The SOC is a single point of management and reporting for information security incidents. The SOC exists to prevent, identify, contain, and eradicate cyber threats to networks through monitoring, intrusion detection, and protective security services to information systems, including local area networks / wide area networks (LAN / WAN), commercial Internet connection, public facing websites, wireless, mobile / cellular, cloud, security devices, servers, and workstations. The SOC is responsible for the overall security of Enterprise-wide information systems and collects, investigates, and reports any suspected and confirmed security violations.

TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.

We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.

Visit us at www.TekSynap.com. 

Apply now to explore jobs with us!  

The safety and health of our employees is of the utmost importance.  Employees are required to comply with any contractually mandated Federal COVID-19 requirements.  More information can be found here.

WORK ENVIRONMENT AND PHYSICAL DEMANDS

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job.  Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. 

• Location: Ashburn Virginia
• Remote or In-Person: 100% On site. Remote/Telework not available.
• Type of environment: Office
• Noise level: Medium
• Work schedule: Schedule is day shift Monday – Friday.
• Amount of Travel: Some travel may be required

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORK AUTHORIZATION/SECURITY CLEARANCE

Top Secret (SCI eligible)

OTHER INFORMATION

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

TekSynap is a drug-free workplace. We reserve the right to conduct drug testing in accordance with federal, state, and local laws. All employees and candidates may be subject to drug screening if deemed necessary to ensure a safe and compliant working environment.

EQUAL EMPLOYMENT OPPORTUNITY

In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age, genetic information, or any other characteristic protected by law (referred to as “protected status”). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment.