Security Operations Center (SOC) Lead Forensics Technician

Company: Louisiana Economic Development
Location: Bossier City
Posted on: November 21, 2020

Job Description:

GDIT seeks a Security Operations Center (SOC) ndash Lead Forensics Technician. Qualifications Education and Experience Minimum ten (10) years of experience in IT Security, Cyber Security or Information Technology. Three (3) years of team lead experience leading a SOC team. Previous experience working in a SOC in an enterprise environment Bachelorrsquos degree or equivalent experience in Computer Engineering, Computer Science, or Information Systems. Knowledge Strong understanding of latest security principles and protocols. Must have knowledge of LANWANMAN network environments. Must have demonstrated experience in dead box, live, and hybrid data acquisition methodologies. Must have demonstrated experience in the automated reconstruction of a RAID array. Must have experience processing medium data volumes. Must have demonstrated working knowledge of and ability to apply the Federal Rules of Evidence (FRE) as they apply to electronic evidence, as well as, demonstrated experience in applying these rules to the framework of an investigation or litigation. Must have demonstrated experience preparing affidavits and declarations. Must be thoroughly familiar with at least one of the following forensic and non-forensic tools including EnCase, FTK, Harvester, Cellebrite UFED, and NUIX. Knowledge of trouble ticketing systemsCRM. Ability to read and interpret network diagrams. Ability to read and understand packet captures. Basic understanding of the OSI model. Experience with processes in functional areas (i.e., trouble management, fault management, and incident management). Must have in depth, hands-on experience with security features and system administration of Linux, UNIX, and Windows operating systems. Must have an understanding of security vulnerabilities in common operating systems, web and applications servers, including knowledge of remediation procedures. Knowledge of MITRErsquos ATTCK knowledgebase. SkillsAbilities Excellent verbal and written communication skills Excellent organizational and analytical skills Ability to express thoughts clearly Ability to collaborate in a team environment Attention to detail Certifications Possess one cybersecurity and network-related certification, such as GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Security, Cisco Certified Network AssociateProfessional (CCNACCNP). Must also possess and maintain at least 1 of the following certifications IACISRegistered Certified Forensic Computer Examiner (CFCE), ISFCE Certified Computer Examiner (CCE), EnCaseRegistered Certified Examiner (EnCE), AccessData Certified Examiner (ACE), Cellebrite Certified Mobile Examiner (CCME) JOB DESCRIPTION GDIT has an opportunity for a dynamic and collaborative Lead Forensics Technician to join our team. The Lead Forensics Technician will be a member of our team supporting the Administrative Office of the U.S. Courts (AO), Information Technology Security Office (ITSO). As a team member, the Lead Forensics Technician will work collaboratively with federal and contractor staff to ensure the SOC effectively meets or exceeds the security operations requirements of each shift in a timely and comprehensive manner. The Lead Forensics Technician must have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases involving Windows and Linux computer systems. Responsibilities Provide enterprise-level SOC forensics support on a shift rotation or on-call basis to cover 24x7 operations. Drive use of intrusion detection and protection tools, capabilities, methodologies across each shift within the SOC. Provide technical guidance and support to the Intrusion Detection Team Shift Lead. Responsible for conducting digital forensics examinations using data acquisition, examination, presentation and disposition techniques. Provide identification and seizure support, forensic data acquisitionimaging using forensically sound and non-forensic collectioncapture of electronically stored information (ESI) from some file structures within desktoplaptop computer systems, files share servers and cloud-based storage, mobile devices and tablets and related digital storage media. Serve as a forensics Subject Matter Expert (SME) that can counsel and provide advice tor junior analysts and lead forensic investigations in the field. Understanding of and strict adherence to digital chain of custody forms and processes. Advanced understanding of TCPIP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Review and approve reports, notes, and case files of junior technicians. Collaborate with other forensic analysts and technicians, law enforcement officers, and legal experts to recommend methods and procedures for recovery, preservation, and presentation of computer evidence. Hands-on experience with a variety of IDS, IPS, SIEM, and cybersecurity analytical tools. Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident investigations. Experience with malware analysis concepts and methods. Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, andor MITRE ATTCK framework. We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal OpportunityAffirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Keywords: Louisiana Economic Development, Bossier City , Security Operations Center (SOC) Lead Forensics Technician, Other , Bossier City, Louisiana