Digital Forensics Analyst

JASINT is seeking a Digital Forensics Analyst. The role will work closely with Government counterparts to provide support in cybersecurity incident response mitigation analysis & information dissemination. Provide systems and network forensic investigation support for the Security Operations Center (SOC) activities. Work as a Digital Forensics Analyst within the State of Maryland DoIT Office of Security Management & responsible for maintaining the integrity of the cybersecurity related analysis. This role will be responsible for performing the following tasks:

Duties and Responsibilities:

• Report to Director of Security Operations or his/her designee
• Provide Tier 3 escalation support
• Plan initiate and conduct investigations for cybersecurity incidents response efforts
• Perform forensic examinations on compromised systems
• Understand and use forensic tools and techniques for cybersecurity incidents
• Create forensic root cause and scope of impact analysis reports
• Contribute to technical briefings on the details of forensics exams and report
• Provide support in conducting malware analysis of attacker tools
• Stay current on incident response and digital forensics skills best practices and tools
• Train Jr. Analysts on usage of SIEM tools (Splunk) and basic event analysis
• Develop rules and tune SIEM and related tools to streamline the event analysis process
• Assist developing new processes and procedures for security monitoring
• Monitor networks for threats from external and internal sources
• Analyze network traffic of compromised systems and networks
• Correlate actionable security events from various sources
• Review threat data and develop custom detection signatures
• Gather and analyze threat intelligence data and conduct threat hunting
• Understand cybersecurity attacks and tactics techniques and procedures (TTPs) associated with advanced threats
• Communicate clearly with Government counterparts and SOC customers
• Development and implementation and operational and technical incident response processes procedure guidance and standards
• Ability to work outside of regular business hours the role may require on-call support after regular business hours or weekends.

Required Skills/Certifications:

• Hands-on experience with security monitoring and SIEMs tools - Splunk Enterprise Security is preferred
• Demonstrated working knowledge of cyber forensics and incident handling best practice processes procedures standards and techniques
• Hands-on experience with forensics image capture tools i.e. FTK Imager MAGNET ACQUIRE
• Hands-on experience with system image/file system/registry forensics tools i.e. Encase FTK X-Ways Magnet AXIOM Sleuthkit Access Data Registry Viewer Registry Recon or other)
• Hands-on experience with PCAP analysis tools i.e. Wireshark TCP Dump Network Miner Xplico or other
• Hands-on experience with memory forensics tools i.e. BlackLight Volatility SANS SIFT Magnet RAM Capture or FireEye Memoryze CrowdStrike Crowd Response
• Hands-on experience with Endpoint Detection & Response solutions - Tanium Threat Response McAfee or other

Desired Skills/Certifications (Not Required):

• Practical hands-on experience with static in malware analysis
• Hands-on experience with malware anti-forensics obfuscation packing techniques
• Hands-on experience with malware Analysis - Miscellaneous dynamic & static analysis tools (IDA Pro Ghidra OllyDBG WinHex HexEdit HexDump PeSTudio REMux OLEDUMP)
• Hands-on experience with Custom Signature Creation - YARA
• Scripting/Programming experience - Python Perl C C Go
• Highly desired industry certifications include Certified Forensics Computer Examiner (CFCE) Computer Hacking Forensic Investigator (CHFI) GIAC Certified Forensic Examiner (GCFE) Certified Computer Examiner (CCE)
• Relevant industry certifications such as Certified Ethical Hacker (CEH) GIAC Reverse Engineering Malware (GREM) Certified Reverse Engineering Analyst (CREA) etc.

Education and Years of Experience:

• Bachelors degree from an accredited college or university with a major in Computer Science Information Systems Engineering or related scientific or technical discipline and 4 years of experience. Associate degree and/or cyber courses/certifications or 5 years of experience in directly related fields may be substituted in lieu of bachelors degree

Why JASINT

At JASINT we proudly boast a together we can attitude. That is only possible with a strong talented team. Our goal is to answer the call to provide top mission and Warfighter support at all levels and thats why we are seeking you!

We understand and respect the dedication and sacrifice required to serve our nations greatest efforts and our commitment in turn is to Support You!

JASINT cares about your work-life balance and offers competitive benefits to help you at every stage of your personal and professional life by providing the following: Retirement/401k with an employer match employer-paid health dental vision for employees flexible spending accounts (HSA/FSA) company partially funded HSA STD/LTD professional development tuition and certification reimbursement spot award recognition PTO Floating Holidays.

*** JASINT offers internal and external referral bonuses for all cleared exceptional talent we hire! Friends of yours are friends of JASINT! ***

JASINT provides equal employment opportunities to all employees and applicants without regard to race color ancestry national origin gender sexual orientation marital status religion age disability gender identity genetic testing results or service in the military. Equal employment opportunity applies to all terms and conditions of employment including hiring placement promotion termination layoff recall transfer leave of absence compensation and training.

JASINT participates in E-Verify and will provide the federal government with I-9 information to confirm that all new hires are authorized to work in the U.S. To learn more about E-Verify please visit