Provides Information Systems Incident Response and Network Defense support services to the client. Provides integrated operational capability to detect, monitor, analyze and respond to unauthorized access. Reviews and analyzes network events for possible security shortfalls and identifies activities that correspond with intrusions and security events. Utilizes client's tools, capabilities, and processes to identify network traffic, system or security devices for information supporting violations of security policy and vulnerabilities that could impact IT assets. Identifies and validates cyber threats and potential impact to the IT infrastructure. Provides detailed and accurate real-time information to customers and operation managers.
Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators. Investigates computer fraud or other electronic crimes, cracks files and system passwords, detects steganography and recovers deleted, fragmented and corrupted data from digital media of all types. Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports. May be required to testify in court as an expert witness.
• BS or equivalent experience + 10 yrs related experience; or MS + 6 yrs experience
• Linux experience
• Strong analytical and problem-solving skills
• Leadership skills to guide and mentor less experienced personnel
• Strong communication skills
• Ability to lead and work as part of a team.
(Candidate shall have appropriate certification in compliance with the requirements of the DoD 8570 Information Assurance Category IAT Level II or higher, and CEH Certification.)
TS/SCI clearance with Full Scope Poly is required.