Incident Response Supervisor/Forensics Specialist

Location: Sierra Vista
Job Code: 327
# of openings: 1

Description

OnPoint is a vibrant, energetic, and growing ISO-certified technology and management consulting partner that provides critical thinking, strategic analysis, and thought leadership in a collaborative environment, in an enduring effort to improve performance, lower costs, and achieve results for clients. Founded in 1994, we are a privately held corporation with headquarters in Arlington, VA and project offices nationwide. We have over 200 employees and boast a retention rate above 90%. We are guided by our principles: Clarity. Action. Results—for each client engagement we work to gain clarity, move into action, and achieve results. OnPoint specializes in delivering solutions in Information Assurance, Network Operations, Project Management and Systems Development.

OnPoint has an immediate opening for an Incident Response Supervisor/Forensics Specialist to join a cyber-security team on a project with the U.S. Department of Energy. This position is located in Las Vegas, NV. Candidates for this position must be available for 100% TDY travel to Las Vegas.

Duties and Responsibilities:

The Incident Response Supervisor/Forensics Specialist will lead a team of Reverse-Engineers and Incident Responders who reverse-engineer malicious software using malware analysis tools and techniques. The Incident Response team conducts forensic analysis on live and dead-box systems, reviewing forensic memory and drive images to identify indications of malicious activity and to retrieve malcode samples for analysis.

The Incident Response Supervisor/Forensics Specialist must demonstrate the ability to research trends and countermeasures in computer/network vulnerabilities, exploits, and malicious activity. The Incident Response Supervisor/Forensics Specialist will develop and maintain in-depth knowledge of, and hands-on experience with, computer network security techniques and best practices. The technical focus is on examining malicious programs and assessing malware threats. The Incident Response Supervisor/Forensics Specialist must be able to identify suspicious and malicious activity in a heterogeneous network environment and respond appropriately.

Incident Response Supervisor/Forensics Specialist daily responsibilities and activities include:

  • Leading a group of Reverse Engineers and Incident Responders
  • Providing forensic analysis and data recovery on drive images and memory images; maintaining chain of custody to preserve evidence when required for possible legal use
  • Tracking and responding to computer security incidents for an enterprise network
  • Providing technical oversight and assistance to deployed Incident Responders
  • Conducting vulnerability assessments/penetration tests of information systems
  • Providing network protocol analysis, host forensics, and network forensics
  • Providing Subject Matter Expertise in computer and network incident response and forensics
  • Communicating with customer representatives
  • Researching new and evolving threats and vulnerabilities with potential to impact the monitored environment
  • Reading and understanding network packet capture files
  • Monitoring and analyzing network and IDS information
  • Collecting, analyzing, and correlating logs, and alerting on findings
  • Identifying suspicious/malicious activities
  • Identifying and tracking malicious code
  • Reporting malicious activity to client locations with recommendations for remediation
  • Reviewing and managing incident resolutions

Required Qualifications:

  • Bachelor’s degree or equivalent and 10 years of Information Technology experience. A Master’s degree or Doctorate in the field of mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.
  • At least 3 years of experience as a Forensic Examiner or Specialist, Reverse-Engineer, or Incident Responder.
  • An active Q or TS clearance, or the ability to obtain a Q or TS clearance, is required.
  • Expert knowledge of incident resolution and handling
  • Expert knowledge of common vulnerabilities and exploits
  • Expert knowledge of incident analysis and investigation
  • Expert knowledge of drive imaging and forensic investigation tools
  • Strong knowledge of alarm investigation and validation
  • Strong knowledge of networking
  • Strong knowledge of common network protocol behavior
  • Strong knowledge of network traffic analysis tools
  • Excellent verbal and written communications skills
  • Excellent customer service skills
  • Experience with SIM/SIEM technologies desired
  • The following certifications or equivalents are highly desired: SANS GCFE, SANS GCFA, SANS GREM, SANS GCIA, SANS GCIH, CEH, OSCP

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, skills, or working conditions.

OnPoint Consulting is an equal opportunity employer that firmly supports and recognizes the value of diversity and inclusion in the workplace.

Candidates for positions with OnPoint Consulting must be authorized to work in the United States without benefit of visa sponsorship.

Candidates for this position will undergo a pre-employment background investigation, as well as a government background investigation and must meet the requirements for access to sensitive or classified government information.
