Performs forensic analysis of digital information and gathers and handles evidence.Identifies network computer intrusion evidence and perpetrators, and coordinates with other government agencies to record and report incidents.Participate in collaborative sessions with other CNDSPs and IC agencies on malicious intrusions, attacks or suspicious activities, as well as share emerging Cyber Threat Intel data.Assist in the development of Indicators of Compromise for active defensive countermeasures and passive detection signatures. Position may require evening, weekend or shift-work (depending on operational tempo).
- Hands-on experience in data analysis (preferably network traffic or log analysis) in relevant data analysis and data science platforms (Jupyter, Splunk, pandas, SQL)
- Familiarity with cloud infrastructure, web application and servers, android and iOS mobile platforms
- Experience with malware analysis and reverse engineering
- Familiarity with enterprise SIEM platforms (e.g. Splunk, QRadar, ArcSight)
- Fluency with one or more scripting language (i.e. Python)
- Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators.
- Identifies network computer intrusion evidence and perpetrators, and coordinates with other government agencies to record and report incidents.
- Participate in collaborative sessions with other CNDSPs and IC agencies on malicious intrusions, attacks or suspicious activities, as well as share emerging Cyber Threat Intel data.
- Assist in the development of Indicators of Compromise for active defensive countermeasures and passive detection signatures.
- Research and produce analysis on nation state cyber threat actors.
- Utilize internal and open source research for awareness of nation stated targeting, trends, etc.
- Develop strategic cyber threat intelligence products in support of network defense operations
- Position may require evening, weekend or shift-work (depending on operational tempo).
- Continuous learning on the job
- You want to build things, not just break them
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience
- FOR508
- SEC504
- eCIR
$59K <= $76K <= $97K
- https://resources.infosecinstitute.com/top-30-incident-responder-interview-questions-and-answers-for-2019/#gref
- https://medium.com/@aubsec/dfir-interivew-questions-68ec48ea570f