Arlington, VA (On-Site/Office)
Tyto Athene is searching for a Mid-Level Digital Forensics Incident Response Analyst to support our customer in Arlington, Virginia.
Responsibilities:
* Utilize state-of-the-art technologies such as EDR, SIEM, and full packet capture to perform hunt and investigative activity examining endpoint and network-based activity
* Conduct host and network forensics, log analysis, triage, and malware analysis in support of incident response
* Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
* Contribute to rule and signature creation for cybersecurity tools
* Lead IR activities and provide regular incident updates to key stakeholders and executive leadership
* Serve as an incident point of contact with law enforcement, third-party vendors, and other external parties
* Work with key stakeholders to implement remediation plans in response to incidents
* Effectively investigate and identify root cause, then communicate findings to stakeholders including technical staff and leadership
* Capture cybersecurity metrics in direct support of regular tactical and executive-level briefings (daily, weekly, monthly, quarterly, annual, and ad hoc)
* Create IR and forensics reports documenting findings, detailed analysis, recommendations, and lessons learned.
* Act as a technical escalation point for SOC Watch Floor and mentor junior staff
* Author Standard Operating Procedures (SOPs) and training documentation when needed
Required:
* Bachelor's degree in Computer Science, Information Technology, or related field and 4 years of relevant experience
* Experience with EDR and SIEM technologies
* Advanced knowledge of TCP/IP protocols
* Knowledge of Windows and Linux operating systems
* Understanding of MITRE ATT&CK and D3FEND
* Knowledge of advanced attacker tools, techniques, and procedures (TTPs)
* Knowledge of current malware campaign TTPs
* Experience with malware analysis
* Experience with digital forensics tools and case procedures
* Experience with deep packet and log analysis
* Knowledge of enterprise architecture including zero trust principles
* Knowledge of common phishing techniques and how to investigate them
* Proficiency in technical writing
* Experience in customer service or client-facing roles
* Experience presenting and speaking to leadership
* The ability to mentor Tier 1 and Tier 2 analysts
Desired:
* Working knowledge of regex and scripting languages is highly preferred
* Additional relevant certifications such as those from GIAC or CompTIA
* Experience with major cloud service provider offerings
* Knowledge of offensive security tools and techniques
* Experience with cyber threat intelligence gathering and analysis
* Experience with cyber threat hunting
Clearance: Active Secret clearance required
Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
After several strategic acquisitions in 2021, Tyto Athene has experienced enormous opportunity and growth. Aside from being the leading provider of mission-focused IT and Cyber services and solutions to critical U.S. government agencies, Tyto is well-positioned to meet the growing demand for network modernization requirements across the federal enterprise.
Our employees are the key to the innovation that has made Tyto a success. We provide an environment that is geared to reward potential, innovation, and teamwork. If you would like to unleash your creativity and your career -- it's time to join Team Tyto!
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled