STS Systems Support, LLC (SSS) is seeking a Sr. Forensic Malware Analyst Requirements: DoDD 8570.01-M/8140.01 I AT Level III CND Active TS/SCI More than five (5) years of experience as a Forensic Malware Technician. Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based computers and servers.Strong skill in and a strong understanding of: the use of a variety of forensic tools (Access Data, FTK, Guidance EnCase; including mobility (Axiom/BlackBag , Mobilyze/Cellebrite/Paraben and in, FTK, X-Ways Forensics, FireEye, Volatility, Sleuthkit, BlackBag tools) and various Open Source forensic tools.Shell Scripting is a plus.Experience writing intelligence and technical articles for production and dissemination.Very proficient w/ malware analysis, sandboxing, and software reverse engineering.Proficient Experience with scripting languages such as Python and PowerShell.Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects). Required: SANS GCFA (or equivalent).Desired:GREM, GCTI and/or ACE Duties: Document all findings in the investigation/incident log. (CDRL A008) Track evidence inventory for intake and releasing to the forensics laboratory. This includes insuring proper handling and maintenance of evidence and chain of custody records with no more than 5% error rate. Utilize forensic tools such as, but not limited to; EnCase, FTK, FireEye, etc. and other systems as required. Conduct analysis of metadata and forensic examinations of digital media from a variety of sources including preservation, acquisition, and analysis of digital evidence with the goal of developing forensically sound evidence. Confirm malicious activity when new information is identified through forensic analysis. Investigate network and computer intrusions to identify root cause and generate indicators of compromise and document all findings in the investigation/incident log for each file. Perform memory forensics and malware reverse engineering of suspected malicious files to verify if system compromise occurred document all findings Indicators of Compromise (IOCs) in the investigation/incident log for each file. Perform Hard Drive Analysis of suspected/confirmed infected or exploited systems and document all findings in the investigation/incident log for each hard drive with no more than a 5% error rate. Develop methods to identify, contain, log, and analyze malware-based activities on AF AIS and networks. (A008) Provide support to AF network administrators on the installation and analysis of packet sniffers on their network topology by reporting the functionality status upon request. Generate forensic reports and synopses presenting complex technical processes and findings clearly and concisely to technical and non-technical. (CDRL A008) Collaborate with leadership and external agencies, including Counter-Intelligence activities/agencies, OSI, FBI, and other security agencies, to include Incident Responders, as well as other forensic analysts. Provide AF OSI DCO technical support to law enforcement and counter- intelligence activities. Turn any investigation over to AF OSI if it is determined during the course of an investigation a law was broken. Support and/or augment Incident Response deployment with same day notice. This travel will allow responders to retrieve hard drives or miscellaneous storage media, isolate system(s) for additional investigation, and perform other on-site Incident Response actions. Set up a monitor or "cage" at the on-site location as needed. Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate. Provide requested forensic information to operational flight commander as it relates to the Host Detection processes and procedures.
