Booz Allen Hamilton, posted 10 months ago
$84,600 - $193,000/Yr
Part-time • Senior
Indianapolis, IN
Professional, Scientific, and Technical Services

About the position

As a Senior Digital Forensics and Incident Response Analyst at Booz Allen Hamilton, you will leverage your professional and expert knowledge of incident response processes, tools, and techniques to handle incident investigations with minimal oversight. Your role will involve making significant contributions to incident response efforts, participating in cyber incident response investigations that require forensic, malware, and log analysis. You will analyze forensic images and triage datasets to identify indicators of compromise, lateral movement, and unauthorized access or exfiltration of data. Additionally, you will assist in Digital Forensics and Incident Response (DFIR) matters and be assigned specific tasks by a team lead.

Your advanced consulting skills, extensive technical expertise, and full industry knowledge will be crucial in developing innovative solutions to complex problems. You will work independently, mentor, and supervise team members, ensuring that the team meets its objectives effectively.

In this role, you will be expected to analyze both Microsoft Windows and non-Windows systems, including Mac and Linux, using various DFIR toolsets such as FTK, EnCase, XWF, or Axiom. You will also utilize scripted DFIR toolsets written in Python or PowerShell and analyze logs from firewalls, network traffic, IIS, Antivirus, and DNS. Leading a DFIR team, you will assist junior team members with their case loads and apply your knowledge of common forensic artifacts to determine attack vectors, lateral movement, and data exfiltration. Your ability to correlate events from multiple sources will be essential in creating timeline analyses, and you will be responsible for organizing case notes and communicating findings to clients both verbally and in writing. Preparing detailed technical reports will also be a key part of your responsibilities.
The position requires a Bachelor's degree with 5+ years of experience in Cybersecurity or DFIR, a Master's degree with 3+ years of experience, or 8+ years of relevant experience in lieu of a degree. You will need to be available to work after standard business hours, including some evenings and weekends, and take on-call rotations while managing multiple incidents simultaneously. Your role will also involve mentoring junior team members and developing scripts or utilizing log and data analysis platforms to analyze large datasets quickly.

Responsibilities

  • Handle incident investigations with little oversight.
  • Participate in cyber incident response investigations requiring forensic, malware, and log analysis.
  • Analyze forensic images and triage datasets to identify indicators of compromise, lateral movement, and unauthorized access or exfiltration of data.
  • Assist in Digital Forensics and Incident Response (DFIR) matters as assigned by a team lead.
  • Develop innovative solutions to complex problems.
  • Mentor and supervise team members.
  • Analyze Microsoft Windows and non-Windows systems using DFIR toolsets.
  • Utilize scripted DFIR toolsets written in Python or PowerShell.
  • Analyze logs from firewalls, network traffic, IIS, Antivirus, and DNS.
  • Lead a DFIR team and assist junior team members with their case load.
  • Prepare detailed technical reports and communicate findings to clients.

Requirements

  • Bachelor's degree and 5+ years of experience with Cybersecurity or DFIR, Master's degree and 3+ years of experience with Cybersecurity or DFIR, or 8+ years of experience with Cybersecurity or DFIR in lieu of a degree.
  • Experience with analyzing Microsoft Windows and non-Windows systems, including Mac or Linux, and using DFIR toolsets, including FTK, EnCase, XWF, or Axiom.
  • Experience with scripted DFIR toolsets written in Python or PowerShell.
  • Experience with analyzing logs, including firewall, network traffic, IIS, Antivirus, and DNS.
  • Knowledge of common forensic artifacts analyzed during incidents to determine attack vector, lateral movement, and data exfiltration.
  • Ability to correlate events from multiple sources to create a timeline analysis.
  • Ability to organize case notes and communicate verbally and in writing to clients.
  • Ability to prepare detailed technical reports.
  • Ability to work after standard business hours, including some evenings and weekends, take a rotation on call, and work more than one incident at a time.
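The timeline-correlation and log-analysis requirements above are the core of most DFIR engagements, so here is an added illustration of what that work looks like in practice. This is example code written for this page, not a Booz Allen tool or anything from the posting. The firewall, DNS and IIS log lines are constructed samples, the field layouts are assumed (ISO-8601 with a local offset for the firewall, epoch seconds for DNS, W3C extended format in UTC for IIS), and the asset map and egress threshold stand in for a real DHCP/CMDB lookup and a triage rule an analyst would tune per case. The point it demonstrates is the step that the job description takes for granted: every source is normalized to timezone-aware UTC and to a common host key before anything is sorted, because a timeline built from mixed local and UTC timestamps will put the exfiltration before the initial access.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(order=True)
class Event:
    ts: datetime          # always timezone-aware UTC so ordering across sources is valid
    source: str
    host: str
    summary: str


# Constructed sample log lines (not real data). Each source uses a different
# timestamp convention, which is the usual obstacle to building one timeline:
#   firewall: ISO-8601 with a local UTC offset; DNS: epoch seconds; IIS: W3C, UTC.
FIREWALL_LINES = [
    "2024-03-04T09:15:02-05:00 fw01 action=allow src=10.1.4.23 dst=203.0.113.9 dport=443 bytes_out=734003200",
    "2024-03-04T08:59:47-05:00 fw01 action=deny src=10.1.4.23 dst=198.51.100.5 dport=445 bytes_out=0",
]
DNS_LINES = [
    "1709561701 ws-finance-07 A update.cdn-example.net 203.0.113.9",
]
IIS_LINES = [
    "2024-03-04 14:10:33 192.0.2.10 POST /upload.aspx - 443 - 10.1.4.23 Mozilla/5.0 200 0 0 812",
]

# Assumed asset inventory mapping client IPs to hostnames (DHCP leases or CMDB in practice),
# so firewall/IIS events keyed by IP and DNS events keyed by hostname land on the same host.
ASSET_MAP = {"10.1.4.23": "ws-finance-07"}

# Assumed triage threshold for flagging outbound flows worth a closer look as exfil candidates.
LARGE_EGRESS_BYTES = 500 * 1024 * 1024


def parse_firewall(line: str, asset_map: dict) -> Event:
    ts_text, device, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    # fromisoformat keeps the -05:00 offset; astimezone converts to UTC rather than dropping it
    ts = datetime.fromisoformat(ts_text).astimezone(timezone.utc)
    host = asset_map.get(fields["src"], fields["src"])
    summary = f"{device} {fields['action']} {fields['src']}->{fields['dst']}:{fields['dport']}"
    if int(fields.get("bytes_out", 0)) >= LARGE_EGRESS_BYTES:
        summary += f" LARGE_EGRESS bytes_out={fields['bytes_out']}"
    return Event(ts, "firewall", host, summary)


def parse_dns(line: str) -> Event:
    epoch, client, rtype, qname, answer = line.split()
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return Event(ts, "dns", client, f"{rtype} {qname} -> {answer}")


def parse_iis(line: str, asset_map: dict) -> Event:
    f = line.split()
    # W3C extended logs are written in UTC by default; attach tzinfo explicitly instead of assuming naive
    ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    method, uri, client_ip, status = f[3], f[4], f[8], f[10]
    return Event(ts, "iis", asset_map.get(client_ip, client_ip), f"{method} {uri} {status} from {client_ip}")


def build_timeline(fw_lines, dns_lines, iis_lines, asset_map=ASSET_MAP):
    """Parse every source into Events and return them in UTC order."""
    events = [parse_firewall(l, asset_map) for l in fw_lines]
    events += [parse_dns(l) for l in dns_lines]
    events += [parse_iis(l, asset_map) for l in iis_lines]
    return sorted(events)  # dataclass(order=True) sorts on ts first


def timeline_for_host(events, host):
    """Pivot: only the events attributed to one host, in order."""
    return [e for e in events if e.host == host]


if __name__ == "__main__":
    for e in timeline_for_host(build_timeline(FIREWALL_LINES, DNS_LINES, IIS_LINES), "ws-finance-07"):
        print(e.ts.isoformat(), e.source.ljust(8), e.summary)
```

Run as a script it prints the four events for ws-finance-07 in the order they actually happened: the blocked SMB attempt, the POST to the IIS server, the DNS resolution of the external host, then the 700 MB outbound flow to that same address one second later. Read against the raw firewall log alone, the allow entry at 09:15 local looks earlier than the 14:10 IIS request; the UTC normalization is what makes the sequence usable as evidence.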

Nice-to-haves

  • Experience with forensically analyzing cloud data, including AWS, Azure, or GCP.
  • Knowledge of mobile device platforms, including smartphones and tablets.
  • Knowledge of cyber breach response and threat actor tactics, techniques, and procedures.
  • Knowledge of host and network log analysis and toolsets to identify evidence of threat actor persistence, activities, and file access.
  • Ability to prioritize work assignments without guidance.
  • Ability to mentor junior team members.
  • Ability to develop scripts or utilize log and data analysis platforms, such as Elastic or Splunk.

Benefits

  • Parental leave
  • Paid holidays
  • Tuition assistance
  • Tuition reimbursement
  • 401(k)
© 2024 Teal Labs, Inc