HHS Digital ForensicsThreat Hunter

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 12 hours ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Digital Forensics/Threat Hunter to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Computer Science Digital Forensics or related field.
Minimum 69 years of experience in digital forensics threat hunting or incident response.
Hands-on experience with forensic tools (EnCase FTK Volatility) and EDR platforms.
Strong understanding of NIST SP 800-61 NIST SP 800-86 NIST SP 800-53 and federal IR requirements.
Experience analyzing endpoint network cloud and log-based forensic data.
Familiarity with malware analysis scripting and attacker tradecraft.
Strong written and verbal communication skills.
GCFA GCIH GNFA CISSP or CEH (preferred)

Duties:

Conduct proactive threat hunting using hypothesis-driven techniques MITRE ATT&CK mapping and behavioral analytics.
Perform digital forensic acquisition and analysis of endpoints servers cloud workloads and network artifacts.
Investigate advanced threats ransomware insider threats data exfiltration and persistent adversary activity.
Analyze malware scripts and suspicious binaries including reverse engineering when required.
Identify Indicators of Compromise (IOCs) Tactics Techniques and Procedures (TTPs) and attack timelines.
Maintain forensic chain-of-custody and evidence integrity for legal and regulatory purposes.
Support incident containment eradication and recovery actions in coordination with SOC and IR teams.
Develop and maintain forensic and threat hunting SOPs playbooks and workflows.
Produce forensic reports threat hunting reports and incident documentation within defined SLAs.
Support FOIA searches OGC litigation holds and OIG criminal investigations.
Maintain and tune forensic and threat hunting tools within the SOC ecosystem.
Collaborate with CISA HHS CSIRC and HRSA stakeholders during investigations.
Participate in cyber exercises tabletop exercises and after-action reviews.
Provide recommendations to improve detection logging and incident response capabilities.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Computer Science Digital Forensics or related field.
Minimum 69 years of experience in digital forensics threat hunting or incident response.
Hands-on experience with forensic tools (EnCase FTK Volatility) and EDR platforms.
Strong understanding of NIST SP 800-61 NIST SP 800-86 NIST SP 800-53 and federal IR requirements.
Experience analyzing endpoint network cloud and log-based forensic data.
Familiarity with malware analysis scripting and attacker tradecraft.
Strong written and verbal communication skills.
GCFA GCIH GNFA CISSP or CEH (preferred)

Duties:

Conduct proactive threat hunting using hypothesis-driven techniques MITRE ATT&CK mapping and behavioral analytics.
Perform digital forensic acquisition and analysis of endpoints servers cloud workloads and network artifacts.
Investigate advanced threats ransomware insider threats data exfiltration and persistent adversary activity.
Analyze malware scripts and suspicious binaries including reverse engineering when required.
Identify Indicators of Compromise (IOCs) Tactics Techniques and Procedures (TTPs) and attack timelines.
Maintain forensic chain-of-custody and evidence integrity for legal and regulatory purposes.
Support incident containment eradication and recovery actions in coordination with SOC and IR teams.
Develop and maintain forensic and threat hunting SOPs playbooks and workflows.
Produce forensic reports threat hunting reports and incident documentation within defined SLAs.
Support FOIA searches OGC litigation holds and OIG criminal investigations.
Maintain and tune forensic and threat hunting tools within the SOC ecosystem.
Collaborate with CISA HHS CSIRC and HRSA stakeholders during investigations.
Participate in cyber exercises tabletop exercises and after-action reviews.
Provide recommendations to improve detection logging and incident response capabilities.