Seeking a DFIR Lead Analyst to be responsible for preventing the escalation of severe security threats and provide security reports.
14th January, 2025
Role: DFIR Lead Analyst. Location: 100% Onsite in the DC Area.
Position Description: DFIR Analyst is responsible for preventing the escalation of severe security threats and providing reports to the security team.
This position utilizes tools to minimize the effects of a security breach on the computer network and performs an analysis to ensure that computer networks are clear of threats.
Roles and Responsibilities:
Conduct a full range of advanced professional duties required to monitor network activity, and document and report on information security issues and emerging trends.
Provide threat and vulnerability analysis.
Monitor endpoint protection/detection for anomalies using designated escalation paths for remediation.
Review and monitor Security Information and Event Management (SIEM) log data for unauthorized access and initiate investigations if necessary.
Perform malware threat hunting using industry-leading products and applications.
Participate in developing security strategies.
In addition, the DFIR Analyst shall:
Perform against established operational rhythm, expectations, and standards for the Security Operations Center (SOC) DFIR line of effort.
Be part of the 24x7 operations.
Perform advance incident-handling responsibilities with a direct interface with the client’s management team
Identify areas of improvement for SOC processes and tools to enhance the mission.
Basic Qualifications:
MUST BE A US CITIZEN.
Bachelor's degree.
TS clearance (eligibility to obtain SCI and pass CI poly).
5+ years of experience with crisis management, incident response, strategic communications, or risk management.
5+ years of experience in supporting the facilitation of training or briefing sessions.
Adept knowledge of cybersecurity and incident response principles, crisis management, and emergency management principles.
Ability to leverage available learning resources, both internal and external.
Experience with advanced Microsoft Office products.
Ability to work within a highly collaborative, fast-paced, dynamic environment.
Possession of excellent verbal and written communication skills.
Possession of excellent interpersonal skills, including client management skills.
Strong IR and Digital forensics experience and cloud experience are preferred.
Additional Qualifications:
The ideal candidate will have experience with four or more of the items below:
Splunk Search Processing Language (SPL)
Microsoft Defender for Endpoint (MDE)
Microsoft Azure Sentinel
Kusto Query Language (KQL)
Linux Bash
PowerShell/CMD
Networking - intermediate level knowledge of computer networking
Type 2 Hypervisor software such as VMware Workstation Pro, VirtualBox, Hyper-V