Security Operations Center (SOC) Cyber Security Engineering -Lead Fore
Company: General Dynamics Information Technology
Location: Bossier City
Posted on: October 13, 2020
Type of Requisition: Pipeline
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: None
Suitability: No Suitability Required
Public Trust/Other Required:
Job Family: Cyber Security

Job Description:
GDIT has an opportunity for a dynamic and collaborative Lead Forensics
Technician to join our team. The Lead Forensics Technician will be
a member of our team supporting the Administrative Office of the
U.S. Courts (AOUSC), Information Technology Security Office (ITSO).
As a team member, the Lead Forensics Technician will work
collaboratively with federal and contractor staff to ensure the SOC
effectively meets or exceeds the security operations requirements
of each shift in a timely and comprehensive manner. The Lead
Forensics Technician must have the knowledge, skills, and ability
to conduct formal incident investigations and handle advanced
incident handling scenarios, including internal and external data
breach intrusions, advanced persistent threats, anti-forensic
techniques used by attackers, and complex digital forensic cases
involving Windows and Linux computer systems.

Responsibilities
- Provide enterprise-level SOC forensics support on a shift
rotation or on-call basis to cover 24x7 operations.
- Drive use of intrusion detection and protection tools,
capabilities, methodologies across each shift within the SOC.
- Provide technical guidance and support to the Intrusion
Detection Team Shift Lead.
- Responsible for conducting digital forensics examinations using
data acquisition, examination, presentation and disposition
- Provide identification and seizure support, forensic data
acquisition/imaging using forensically sound and non-forensic
collection/capture of electronically stored information (ESI) from
some file structures within desktop/laptop computer systems, files
share servers and cloud-based storage, mobile devices and tablets
and related digital storage media.
- Serve as a forensics Subject Matter Expert (SME) that can
counsel and provide advice for junior analysts and lead forensic
investigations in the field.
- Understanding of and strict adherence to digital chain of
custody forms and processes.
- Advanced understanding of TCP/IP, common networking ports and
protocols, traffic flow, system administration, OSI model,
defense-in-depth and common security elements.
- Review and approve reports, notes, and case files of junior
- Collaborate with other forensic analysts and technicians, law
enforcement officers, and legal experts to recommend methods and
procedures for recovery, preservation, and presentation of computer
- Hands-on experience with a variety of IDS, IPS, SIEM, and
cybersecurity analytical tools.
- Demonstrated hands-on experience analyzing high volumes of
logs, network data (e.g. NetFlow, Full Packet Capture), and other
attack artifacts in support of incident investigations.
- Experience with malware analysis concepts and methods.
- Familiarity or experience in Intelligence Driven Defense, Cyber
Kill Chain methodology, and/or MITRE ATT&CK framework.

Qualifications
Education and Experience:
- Minimum ten (10) years of experience in IT Security, Cyber
Security or Information Technology.
- Three (3) years of team lead experience leading a SOC
- Previous experience working in a SOC in an enterprise
- Bachelor's degree or equivalent experience in Computer
Engineering, Computer Science, or Information Systems.

Knowledge:
- Strong understanding of latest security principles and
- Must have knowledge of LAN/WAN/MAN network environments.
- Must have demonstrated experience in dead box, live, and hybrid
data acquisition methodologies.
- Must have demonstrated experience in the automated
reconstruction of a RAID array.
- Must have experience processing medium data volumes.
- Must have demonstrated working knowledge of and ability to
apply the Federal Rules of Evidence (FRE) as they apply to
electronic evidence, as well as, demonstrated experience in
applying these rules to the framework of an investigation or
- Must have demonstrated experience preparing affidavits and
- Must be thoroughly familiar with at least one of the following
forensic and non-forensic tools including EnCase, FTK, Harvester,
Cellebrite UFED, and NUIX.
- Knowledge of trouble ticketing systems/CRM.
- Ability to read and interpret network diagrams.
- Ability to read and understand packet captures.
- Basic understanding of the OSI model.
- Experience with processes in functional areas (i.e., trouble
management, fault management, and incident management).
- Must have in depth, hands-on experience with security features
and system administration of Linux, UNIX, and Windows operating
- Must have an understanding of security vulnerabilities in
common operating systems, web and applications servers, including
knowledge of remediation procedures.
- Knowledge of MITRE's ATT&CK knowledgebase.

Skills/Abilities:
- Excellent verbal and written communication skills
- Excellent organizational and analytical skills
- Ability to express thoughts clearly
- Ability to collaborate in a team environment
- Attention to detail

Certifications: Possess one cybersecurity and network-related
certification, such as: GIAC Certified Forensic Analyst (GCFA),
GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise
Defender (GCED), Security+, Cisco Certified Network
Associate/Professional (CCNA/CCNP).
Must also possess and maintain at least 1 of the following
certifications: IACIS Certified Forensic Computer Examiner (CFCE),
ISFCE Certified Computer Examiner (CCE), EnCase Certified Examiner
(EnCE), AccessData Certified Examiner (ACE), Cellebrite Certified
Mobile Examiner (CCME)

Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Telecommuting 100%
Work Location: USA LA Bossier City
Additional Work Locations:

We are GDIT. The people
supporting some of the most complex government, defense, and
intelligence projects across the country. We deliver. Bringing the
expertise needed to understand and advance critical missions. We
transform. Shifting the ways clients invest in, integrate, and
innovate technology solutions. We ensure today is safe and tomorrow
is smarter. We are there. On the ground, beside our clients, in the
lab, and everywhere in between. Offering the technology
transformations, strategy, and mission services needed to get the
job done. GDIT is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment
without regard to race, color, religion, sex, sexual orientation,
gender identity, national origin, disability, or veteran status, or
any other protected class.