Incident Response Analyst - Digital Forensics Job
Job Description
Washington, DC 20004, US
6-9 Month Contract
Blackstone Talent Group, an award-winning technology consulting and talent agency, is seeking an Incident Response Analyst - Digital Forensics to join our team at our client's site in Washington, DC.
The opportunities to contribute to the team in this role may include (but are not limited to):
- Executing security and privacy investigations for clients, in preparation for and in response to data security matters, which may include ongoing breach detection, threat analysis, incident response and malware analysis.
- Providing expert digital forensic support to counsel and clients in connection with data security incidents, such as data breaches or fraud.
- Assisting in the drafting of forensic reports and affidavits, and testifying as an expert in the field of digital forensics and incident response.
- Engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
- Identifying, researching, and organizing information to assess the appropriateness and sufficiency of available data, so that it can be accessed and analyzed effectively.
- Developing familiarity with the data that serves as input to this analysis, including threat intelligence, logging data, and contextual clues.
- Recognizing relationships among multiple sources and types of information to facilitate effective data analysis.
- Programming, model building, and database administration (Python, T-SQL, VBA, Excel, C#, among others).
- Ensuring the reliability of analysis and risk management by implementing quality control measures and documentation.
- Forensically acquiring data and images from identified hosts, then locating evidence of compromise and determining its impact through disk, file, memory, and log analysis.
- Identifying artifact and evidence locations to answer critical questions, including program execution, file access, data theft, anti-forensics, and detailed system usage by an adversary.
- Detecting and hunting unknown live, dormant, and custom malware across multiple hosts in an enterprise environment.
- Creating Indicators of Compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts.
- Tracking adversary activity second-by-second on a host via in-depth timeline analysis.
- Understanding the evidence needed to determine the type of malware used in an attack, including rootkits, backdoors, and Trojan horses, and choosing appropriate defenses and response tactics for each.
- Identifying lateral movement and pivots within client enterprises, showing how an adversary transitions from system to system without detection.
- Using physical memory analysis tools to determine an adversary's activities on a host and on other hosts the adversary used as pivot points across the network.
- Examining traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation.
- Identifying and tracking malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connection analysis.
- Strong understanding of computer operating systems, software and hardware.
- Ability to conduct detailed forensic investigations and analysis of computers, networks, mobile devices and removable media.
- Experience conducting digital forensic analysis using commercial and open source forensic tools, including file system forensics, memory analysis and network analysis.
- Experience conducting static and dynamic malware analysis in a lab environment and threat hunting in a live environment.
- Strong understanding of proper evidence handling procedures and chain of custody.
- Experience drafting technical and investigative reports and communicating technical findings.
- Experience using automation tools and scripts to expedite analysis.
- Understanding of incident handling procedures (preparation, identification, containment, eradication, and recovery) to protect enterprise environments.
- Understanding of common attack techniques used by an adversary on a victim network, and of how that knowledge is used to stop further adversary activity.
- Digital forensics/incident response training and certifications, including SANS GIAC (GCIA, GCFA, GCFE, GNFA, GCCC, and/or GREM), IACIS (CFCE or CIFR), Guidance Software (EnCE) or similar.
Blackstone Talent Group is a division of Blackstone Technology Group, a global IT services and solutions firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients with the best talent across a variety of industries and sectors.
EOE of Minorities/Females/Veterans/Disabilities
Who We Are
Founded in 1998, Blackstone Talent Group is one of three divisions of Blackstone Technology Group. The other two divisions are Blackstone Federal, a premier engineering and transformation agency that serves the federal government, and Trellis Energy, the largest transaction management software firm fully dedicated to serving the natural gas industry. Blackstone Technology Group is a privately held global IT services, solutions and resourcing firm. Headquartered in San Francisco, Blackstone now has more than 300 employees across five offices nationwide. Blackstone Technology Group's mission is to help clients adapt to the demands of a digital world, and the company has garnered an impressive track record of delivering successful results to a client list that includes Fortune 100 businesses and US federal, state and local government.
WHAT WE DO
We provide contract, permanent and managed resource services to our clients. We source for commercial businesses and non-profits, as well as government clients requiring security clearances from public trust through multiple levels of top secret. Some of our skill specialties are IT, IT Operations, Engineering, Accounting and Finance, and Executive Search.
HOW WE DO IT
Our team never stops building connections with talent. Our network of fully vetted, ready-to-work professionals allows us to provide speed and accuracy in resource delivery that is unmatched in the industry. With a relationship-first engagement approach, we most often become a trusted partner to our clients and operate as an extension of their organizations.