Arlington, VA

Host Based System Analyst

Job Specs

Cyber Defense

Job Description:

XOR Security is currently seeking an experienced Host Based Cybersecurity System Analyst. The goals of this position will be to achieve the following:


  • Acquiring/collecting computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
  • Assessing evidentiary value by triaging electronic devices
  • Correlating forensic findings with network events to further develop an intrusion narrative
  • When available, collecting and documenting system state information (running processes, network connections, etc.) prior to imaging
  • Performing incident triage from a forensic perspective to include determining scope, urgency and potential impact
  • Tracking and documenting forensic analysis from initial involvement through final resolution
  • Collecting, processing, preserving, analyzing and presenting computer related evidence
  • Coordinating with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
  • Conducting analysis of forensic images and other available evidence and drafting forensic write-ups for inclusion in reports and other written products
  • Assisting in documenting and publishing Computer Network Defense guidance and reports on incident findings to appropriate constituencies
  • Assisting in preliminary analysis by tracing an activity to its source and documenting findings for input into a forensic report
  • Assisting team members in imaging digital media
  • Assisting in gathering, accessing and assessing evidence from electronic devices using forensic tools and knowledge of operating systems
  • Using hashing algorithms to validate forensic images
  • Under direct guidance and coaching if needed, locating critical items in various file systems to aid more senior personnel in their analysis
  • Performing analysis of log files from a variety of sources to identify possible threats to computer security
  • Using leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
  • Determining programs that have been executed, finding files that have been changed on disk and in memory

Required Skills:

  • U.S. Citizenship - Must have an active TS/SCI clearance - Must be able to obtain DHS Suitability
  • 2+ years of directly relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
  • Ability to create forensically sound duplicates of evidence (forensic images)
  • Able to write cyber investigative reports documenting digital forensics findings
  • Experience with the analysis and characterization of cyber-attacks
  • Experience with proper evidence handling procedures and chain of custody protocols
  • Skilled in identifying different classes of attacks and attack stages
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources
  • Must be able to work collaboratively across physical locations

Desired Skills:

  • Experience with two or more of the following tools: EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, GRR
  • Experience with conducting all-source research

Required Education:

  • BS Computer Science, Computer Engineering, Computer Information Systems, Computer Systems Engineering or related degree. High School Diploma and 4-6 years of host investigations experience may be substituted for the BS & 2-4 years of experience.

Desired Certifications:

  • GCFA, GCFE, EnCE, CCE, CFCE, CISSP

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement - Applicants selected must meet background investigation eligibility requirements.