XOR Security is currently seeking a Digital Forensics Analyst/Investigator to support an Agency-level SOC. The SOC program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communication skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables, with experience in complex malware analysis techniques, scripting, coding, and content development. Examples of complex analysis techniques include malware de-obfuscation, examining code, sandbox/dynamic analysis, and memory analysis.
- Perform forensic analysis on all common operating system environments, to include, but not limited to, Microsoft Windows, Mac OS, UNIX, Linux, Solaris, as well as embedded systems.
- Analyze digital media (logs, code, phones, hard drives, memory dumps, etc.) to determine attack vectors and develop mitigation techniques.
- Identify possible threats based on analysis of digital media.
- Maintain readiness to divert and deploy teams of contract resources to provide on-site support and assistance in the event of an exercise or cyber incident.
- Develop and disseminate engagement reports, technical reports and briefs based on analytic findings.
- Identify and document tactics, techniques and procedures used by an attacker to gain unauthorized access.
- Develop procedures and processes to analyze and categorize digital media.
- Follow industry standard forensic best practices while imaging, preserving, transporting and handling electronic data and associated physical devices.
- Participate in inter-agency sponsored community of interest analysis groups; conduct and participate in technical briefings and exchanges.
- Communicate, coordinate and share information and work closely with NCCIC and other HIRT components.
- Develop tips, indicators, warnings and actionable information.
- Support the development of performance metrics.
- Adhere to the CONOPS and SOPs of the HIRT and Digital Forensics Group (DFG).
- Assist with preservation and duplication of original media obtained from customers.
- Assist with maintaining the readiness of all DFG fly-away kits, storage media and forensic VM analyst images.
- Assist with maintaining DFG computer equipment and software licensing.
- Bachelor’s Degree
- Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
- Familiarity with at least one of the following tools: EnCase, Forensic Toolkit, Autopsy/Sleuthkit.
- Knowledge of investigative methods to locate specific electronic data.
- Proficiency in the latest cyber forensics, response, and reverse engineering skills and understanding of the latest exploit methodologies.
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and ACTIVE TOP SECRET CLEARANCE REQUIRED.