GDIT has an opportunity for a dynamic and collaborative Lead Forensics Technician to join our team. The Lead Forensics Technician will be a member of our team supporting the Administrative Office of the U.S. Courts (AOUSC), Information Technology Security Office (ITSO). As a team member, the Lead Forensics Technician will work collaboratively with federal and contractor staff to ensure the SOC effectively meets or exceeds the security operations requirements of each shift in a timely and comprehensive manner.
The Lead Forensics Technician must have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases involving Windows and Linux computer systems.
Provide enterprise-level SOC forensics support on a shift rotation or on-call basis to cover 24x7 operations.
Drive use of intrusion detection and protection tools, capabilities, and methodologies across each shift within the SOC.
Provide technical guidance and support to the Intrusion Detection Team Shift Lead.
Responsible for conducting digital forensics examinations using data acquisition, examination, presentation and disposition techniques.
Provide identification and seizure support, and forensic data acquisition/imaging using both forensically sound and non-forensic collection/capture of electronically stored information (ESI) from file systems within desktop/laptop computer systems, file share servers and cloud-based storage, mobile devices and tablets, and related digital storage media.
Serve as a forensics Subject Matter Expert (SME) who can counsel and provide advice for junior analysts and lead forensic investigations in the field.
Understanding of and strict adherence to digital chain of custody forms and processes.
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
Review and approve reports, notes, and case files of junior technicians.
Collaborate with other forensic analysts and technicians, law enforcement officers, and legal experts to recommend methods and procedures for recovery, preservation, and presentation of computer evidence.
Hands-on experience with a variety of IDS, IPS, SIEM, and cybersecurity analytical tools.
Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident investigations.
Experience with malware analysis concepts and methods.
Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
Education and Experience:
Minimum ten (10) years of experience in IT Security, Cyber Security or Information Technology.
Three (3) years of team lead experience leading a SOC team.
Previous experience working in a SOC in an enterprise environment.
Bachelor’s degree or equivalent experience in Computer Engineering, Computer Science, or Information Systems.
Strong understanding of latest security principles and protocols.
Must have knowledge of LAN/WAN/MAN network environments.
Must have demonstrated experience in dead box, live, and hybrid data acquisition methodologies.
Must have demonstrated experience in the automated reconstruction of a RAID array.
Must have experience processing medium data volumes.
Must have demonstrated working knowledge of and ability to apply the Federal Rules of Evidence (FRE) as they apply to electronic evidence, as well as demonstrated experience in applying these rules within the framework of an investigation or litigation.
Must have demonstrated experience preparing affidavits and declarations.
Must be thoroughly familiar with at least one of the following forensic and non-forensic tools: EnCase, FTK, Harvester, Cellebrite UFED, and NUIX.
Knowledge of trouble ticketing systems/CRM.
Ability to read and interpret network diagrams.
Ability to read and understand packet captures.
Basic understanding of the OSI model.
Experience with processes in functional areas (i.e., trouble management, fault management, and incident management).
Must have in depth, hands-on experience with security features and system administration of Linux, UNIX, and Windows operating systems.
Must have an understanding of security vulnerabilities in common operating systems, web and applications servers, including knowledge of remediation procedures.
Knowledge of MITRE’s ATT&CK knowledgebase.
Excellent verbal and written communication skills
Excellent organizational and analytical skills
Ability to express thoughts clearly
Ability to collaborate in a team environment
Attention to detail
Certifications: Possess one cybersecurity and network-related certification, such as: GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Security+, Cisco Certified Network Associate/Professional (CCNA/CCNP).
Must also possess and maintain at least one of the following certifications: IACIS® Certified Forensic Computer Examiner (CFCE), ISFCE Certified Computer Examiner (CCE), EnCase® Certified Examiner (EnCE), AccessData Certified Examiner (ACE), Cellebrite Certified Mobile Examiner (CCME).
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.