Live Incident Handling (PEN001630)
Position Summary : Capture and perform initial analysis on captured volatile data, log data, captured network traffic data, etc.
to identify any immediate intrusion related artifacts which in turn will allow immediate defensive countermeasures to be implemented.
The Contractor shall develop necessary procedures or scripts to identify such data.
Major Job Activities : Immediately upon capture of volatile data and / or power down of each individual system, in conjunction with Army Cyberspace Operations and Integration Center / Forensic Malware Analysis / Regional Cyber Center (ACOIC FMA RCC) request, coordinate the shipment of original forensic evidence (hard drive, USB drive, etc.)
to ACOIC G33 DCO FMA for forensic imaging. Individual files identified or suspected of being malicious will be sent by e-mail in one of several formats to the G33 DCO FMA distribution list, who will in turn analyze the files by automated malicious code analysis and / or by static analysis / dynamic analysis / reverse engineering performed by G33 DCO FMA malware analysts.
Works and interacts with other DCO professionals internal and external to Army Cyber Command, with Law Enforcement and Counter Intelligence LNOs, and intelligence professionals as a technical specialist to understand higher-level adversary capability.
Document, update and enhance processes and procedures by producing training materials, standards documents and reports.
Minimum Qualifications : Bachelor's Degree in a related field, or 4 years of additional experience.
IAM Level II Baseline Certification; CSSP-A Baseline Certification; CSSP-IS Baseline Certification; Additional CE certifications as required for the operating system(s) and / or security related tools / devices.
Preferred : CSSP-IR and E : IAT III
Experience : The Contractor employees shall possess in-depth knowledge, experience, and certifications with commercial computer incident triage tools including but not limited to : CCIU LogCollector, EnCase Enterprise / Cybersecurity, AccessData eDiscovery, Mandiant Redline, Tanium, etc.
The Contractor personnel shall require full working knowledge and experience with all Windows OS platforms including but not limited to : Windows 7 / 8 / 10, Server 2K3 / 2K8 / 2012 / 2016, etc.
The Contractor employees shall require full working knowledge and experience with varying flavors of Unix / Linux platforms, and Apple based operating systems.
Forensic Analysis (Deadbox) and Malware Analysis are performed exclusively at ACOIC G33 DCO FMA.
Tasks will be performed under general supervision.
Information Technology Clearance Level required at Start Date : TS / SCI
Yes, 5 % of the Time
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual.
This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace.
Vectrus is an Equal Opportunity / Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability.
EOE / Minority / Female / Disabled / Veteran.