COMPANY OVERVIEW
Founded in 2007 in Huntsville, AL, MartinFed provides the U.S. government with customer-focused, performance-based solutions using technology and an empowered workforce as an engine to drive its customers' missions. Our goal is to attract the best and brightest within their field.
We invest in our people because they are our greatest asset. They cultivate our purpose, embody and reflect our core values, and define our culture. MartinFed's core values that set us apart are the following:
Be Driven- We are fueled by the hunger to learn more and do more.
Be Curious- We engage in continuous improvement - never accepting the status quo.
Be Humble- We seek honest feedback to strengthen our relationships.
Pursue Excellence- We strive to achieve extraordinary results and do not settle for mediocrity.
Strive for excellence and consider joining our growing team today!
JOB OVERVIEW
The Digital Forensics Incident Response Analyst provides identification, collection, examination, and analysis of data in support of incident response activities. These investigations include policy violations, incident reconstruction, and malware analysis to support internal incident response along with counterintelligence and law enforcement activities.
ESSENTIAL FUNCTIONS
Lead and conduct real-time and historical analysis using security analytics tools and digital forensics tool suites.
Perform initial incident triage, forensic imaging, host and network analysis.
Determine attacker activity on known compromised systems (Intrusion vector, privilege escalation, lateral movement, malware deployment, exfiltration, etc).
Discover, characterize, and assess anomalous network and platform activity on various information systems and networks.
Conduct memory analysis to recover crucial case artifacts.
Engage in static and dynamic malware analysis to determine its functionality.
Research and leverage cybersecurity intelligence sources to improve SOCincident detection and response capabilities.
Develop, manage, and maintain a forensic laboratory, including specialized hardware and software products.
Collaborate and coordinate with other NASA organizations, including but not limited to the network operations, system administrators and ISSOs, as needed in support of all service activities.
Assist the Government with oversight and coordination for NASA's response to significant cyber incidents.
Produce and present analytics, case review, and incident reporting to the NASA Information Security community and Government leadership.
Provide post-incident recommendations to improve cybersecurity posture.
Develop and maintain SOPs regarding data collection, forensic examination, reporting and investigations, in support of operational requirements.
Ability to travel, on short notice, to NASA facilities to support
QUALIFICATIONS
US Citizen with a DoD Secret Clearance.
Bachelor's Degree in Computer Science or related technical field.
7-9 years' progressive work experience within Information Security.
At least 3 years' experience related to DFIR, SOC, or LEO DF Unit.
At least 2 years' experience with technical writing, developing technical documents, and incident response reporting.
Holds an intermediate level, industry recognized, certification (GCIH/GCFE/GCFA/GNFA//GREM/CFCE/CAWFE/EnCE/CCE).
Strong experience with Unix/Linux system administration.
Strong experience with Windows system administration.
Strong experience analyzing various log formats such as those from endpoints, networking devices, and authentication services.
Experience with forensic tooling (AXIOM, FTK, Arsenal Recon, Zimmerman Tools, X-Ways, Ghidra, IDA, Volatility, etc).
Knowledge of common host-based forensic artifacts in multiple operating systems.
Understanding of network architecture, common network protocols, and how threat actors can abuse them.
Experience with cloud-based investigations, including Amazon AWS and Microsoft Azure.
[]{style="font-size: 10pt; font-family: arial, helvetica, sans-serif
"}
S:CLZTX-CLZCENTRALTX