Forensic and Malware Lead (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Forensic and Malware Lead (Cybersecurity): Leading digital forensics and malware analysis activities for the Administrative Office of the United States Courts with an accent on advanced subject matter expertise across Windows, Linux, macOS, and cloud environments. Focus on performing static and dynamic malware analysis to identify IOCs and TTPs, analyzing memory images, and coordinating high-priority incident response activities.
Location: Hybrid, onsite location in Washington, DC
Company
provides specialized technical support and security operations for the Administrative Office of the United States Courts (AOUSC).
What you will do
- Lead digital forensics and malware analysis to identify indicators of compromise (IOCs) and attacker tactics (TTPs).
- Perform deep-dive analysis of disk, memory, and registry artifacts across various operating systems and enterprise environments.
- Coordinate with Triage and Incident Response teams for containment, remediation, and recovery of Priority 1 and 2 incidents.
- Collect and maintain digital evidence following strict federal evidence guidelines and chain-of-custody procedures.
- Utilize Splunk Enterprise Security, Microsoft Sentinel, and EDR tools for live forensic analysis and threat hunting.
- Develop forensic reports, SOPs, and operational playbooks to improve investigative workflows.
Requirements
- Active Public Trust clearance is required.
- Bachelor's degree in Computer Science, IT, or a related field.
- 5+ years of experience in Incident Response within a large SOC (5,000+ endpoints).
- 3+ years of expertise in digital forensics using tools like EnCase, FTK, X-Ways, or Volatility.
- Deep understanding of OS artifacts (SRUM, Shellbags, Prefetch) and federal evidence guidelines.
- Active certification in GCFA, GREM, CFCE, or OSED.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →