Tyto Athene is searching for a forward-thinking and self-motivated Senior Digital Forensics Incident Response Analyst to support a law enforcement customer in Washington, DC. This exciting role requires an appetite for learning, superior attention to detail, the ability to meet tight deadlines, great organizational skills, and the ability to work in a highly collaborative work environment. The successful hire will possess the ability to complete complex tasks and projects quickly with little to no guidance, react with appropriate urgency to situations that require a quick turnaround and provide the appropriate attention and support to overcome technical obstacles.
Responsibilities:
- Utilize state-of-the-art technologies such as Endpoint Detection & Response tools, SIEM-based log analysis, and full packet capture to perform hunt and investigative activity to examine endpoint and network-based activity
- Conduct network forensics, log analysis, triage, limited malware analysis, and host-based forensics in support of incident response
- Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
- Conduct Incident Response activities and mentor junior staff
- Work with key stakeholders to implement remediation plans in response to incidents
- Effectively investigative and identify root cause findings, then communicate findings to stakeholders, including technical staff and leadership
- Author Standard Operating Procedures (SOPs) and training documentation when needed
- Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
- Likely expected to be the primary point of contact for an external agency
Required:
- Bachelor’s degree or equivalent experience
- Minimum six (6) years of general experience, with at least 4 years experience in an Incident Responder/Handler role (fewer years of experience may be considered in light of additional education, certifications, or other relevant factors)
- CISSP and CEH or equivalent
- Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take the lead on incident research when appropriate and be able to mentor junior analysts
- Advanced knowledge of TCP/IP protocols
- Knowledge of Windows and Linux operating systems
- Knowledge of EDR/XDR technologies (CrowdStrike Falcon experience preferred)
- Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies
- Deep packet and log analysis
- Forensic and Malware Analysis
Desired:
- Cyber Threat and Intelligence gathering and analysis are preferred
- Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred
Clearance: Secret Clearance Required
Location: There is a hybrid role with expectations of being on the client site as needed but primarily remote.
