Digital Forensics SOC Analyst

Position: Digital Forensics SOC Analyst

C2C rate: $71/hr

Client: Department of Information Technology (DOIT) Office of Security Management

Location: 100 Community Pl Crownsville MD 21032

Duration: Multi year

Interview mode: In person

DK Consulting Overview: Founded in May 2003 DK Consulting LLC a womanowned small business was formed to provide management and technology solutions based on industry best practices. DK Consulting LLC works with multiple State Federal and Commercial customers and our services range from providing customers with that one critical resource to assuming responsibility for an entire IT project. We offer excellent benefits and provide exceptional employee management.

DK Consulting is seeking a Digital Forensics Security Operations Center (SOC) Analyst. The role will work closely with Government counterparts to provide support in cybersecurity incident response mitigation analysis & information dissemination. The Analyst will provide systems and network forensic investigation support for the SOC activities. In addition the Analyst will work as a technical leader within the State of Maryland DoIT SOC & be responsible for maintaining the integrity of cybersecurity related analysis.

Duties and Responsibilities:

• Report to Director of Security Operations or his/her designee
• Provide SOC Analyst Tier 3 escalation support
• Plan initiate and conduct investigations for cybersecurity incidents response efforts
• Perform forensic examinations on compromised systems
• Understand and use forensic tools and techniques for cybersecurity incidents
• Create forensic root cause and scope of impact analysis reports
• Contribute to technical briefings on the details of forensics exams and report
• Provide support in conducting malware analysis of attacker tools
• Stay current on incident response and digital forensics skills best practices and tools
• Train SOC analysts on usage of SIEM tools (Splunk) and basic event analysis
• Develop rules and tune SIEM and related tools to streamline the event analysis done by the SOC
• Assist developing new processes and procedures for SOC monitoring
• Monitor networks for threats from external and internal sources
• Analyze network traffic of compromised systems and networks
• Correlate actionable security events from various sources
• Review threat data and develop custom detection signatures
• Gather and analyze threat intelligence data and conduct threat hunting
• Understand cybersecurity attacks and tactics techniques and procedures (TTPs) associated with advanced threats
• Communicate clearly with Government counterparts and SOC customers
• Development and implementation and operational and technical incident response processes procedure guidance and standards
• Ability to work outside of regular business hours the role may require oncall support after regular business hours or weekends.

Minimum Qualifications:

• Handson experience with security monitoring and SIEMs tools Splunk Enterprise Security is preferred
• Demonstrated working knowledge of cyber forensics and incident handling best practice processes procedures standards and techniques
• Handson experience with forensics image capture tools i.e. FTK Imager MAGNET ACQUIRE
• Handson experience with system image/file system/registry forensics tools i.e. Encase FTK XWays Magnet AXIOM Sleuthkit Access Data Registry Viewer Registry Recon or other)
• Handson experience with PCAP analysis tools i.e. Wireshark TCP Dump Network Miner Xplico or other
• Handson experience with memory forensics tools i.e. BlackLight Volatility SANS SIFT Magnet RAM Capture or FireEye Memoryze CrowdStrike Crowd Response
• Handson experience with Endpoint Detection & Response solutions Tanium Threat Response McAfee or other

Desired Skills/Certifications:

• Practical handson experience with static in malware analysis
• Handson experience with malware antiforensics obfuscation packing techniques
• Handson experience with malware Analysis Miscellaneous dynamic & static analysis tools (IDA Pro Ghidra OllyDBG WinHex HexEdit HexDump PeSTudio REMux OLEDUMP)
• Handson experience with Custom Signature Creation YARA
• Scripting/Programming experience Python Perl C C Go
• Highly desired industry certifications include Certified Forensics Computer Examiner (CFCE) Computer Hacking Forensic Investigator (CHFI) GIAC Certified Forensic Examiner (GCFE) Certified Computer Examiner (CCE)
• Relevant industry certifications such as Certified Ethical Hacker (CEH) GIAC Reverse Engineering Malware (GREM) Certified Reverse Engineering Analyst (CREA) etc.

Educational and Years of Experience: Bachelors degree from an accredited college or university with a major in Computer Science Information Systems Engineering or related scientific or technical discipline and 4 years of experience. Associate degree and/or cyber courses/certifications or 5 years of experience in directly related fields may be substituted in lieu of bachelors degree

Min. Citizenship Status Required: U.S Citizenship