Dine Development Corporation

  • Cyber Forensic Analyst

    Job Location US-MD-Fort Meade
    Posted Date 3 weeks ago (3/29/2018 1:38 PM)
    ID 2018-2389
  • Overview

    NOVA Corporation is 100% tribally owned by the Navajo Nation.

    NOVA Corporation is dedicated to providing outstanding services to its customers and employees. Our strength is in our ability to understand our client's needs and deliver a solution that will not only meet those needs but exceed their expectations.

    NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence. Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona; Chambersburg, Pennsylvania; Albuquerque, New Mexico; and Columbia, Maryland.

    NOVA Corporation provides unique, custom solutions to meet our customers’ communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.

    NOVA Corporation will accommodate individuals with disabilities who need assistance applying for open positions.

    NOVA Corporation is an equal opportunity/affirmative action employer subject to the Navajo Preference in Employment Act.

    Responsibilities

    General Description:
    Under general technical supervision, performs network and web application vulnerability scanning, data analysis, and reporting in accordance with the provisions of DoD, DISA, and NIST policies, directives, and guidelines. The associated duties may include, but are not limited to, the following:

    General responsibilities:
    • Forensic examinations of High Priority Digital Media
    • Full-Scope forensic examinations
    • File system forensics
    • Advanced registry and Internet history analysis
    • Steganography detection and analysis
    • Large data set analysis and Target language Keyword search
    • Forensic tool and script development
    • Metadata extraction and analysis
    • Network forensics and analysis
    • Generating forensic reports of interest to customers
    • Coordinate, develop and promulgate forensic and technical exploitation standards for the customer
    • Provide technical support for federated partners, internal customer, and deployed platforms
    • Provide global (deployable) Technical Exploitation response capabilities, as required
    • Plan, Integrate & Execute full-spectrum technical exploitation plans, exercises, training and operations as required
    • Examines potential security violations, incidents, malicious activities and attacks to determine if policy has been breached, assesses the impact, and preserves artifacts.
    • Enters and tracks events and incidents. Supports incident escalation and assesses probable damages, identifies damage control and remediation, and assists in developing courses of action.
    • Supervises the installation, monitoring, testing, troubleshooting, and administration of IA hardware and software systems.
    • Recommends, schedules, and performs IA system repairs, systems administration, and maintenance.
    • Analyzes patterns of non-compliance or attacks and recommends appropriate actions to minimize security risks and insider threat.
    • Diagnoses and resolves IA problems in response to reported incidents.

    Additional Responsibilities:

    • Provides direct network security support to the DISA Operations Division DISANet Program Manager
    • Completes Reporting, Response, and Analysis duties of the ten Cyber Incident and Reportable Cyber Event Categories, as outlined in Table B-A-2 of CJCSM 6510.01B, Cyber Incident Handling Program, via Joint Incident Management System (JIMS) tickets received from the DISANet Tier II CSSP
    • Completes Reporting, Response, and Analysis duties of the ten Cyber Incident and Reportable Cyber Event Categories, as outlined in Table B-A-2 of CJCSM 6510.01B, Cyber Incident Handling Program, via Joint Incident Management System (JIMS) tickets received from the DISA Enterprise Services Tier II CSSP, as they pertain to DISANet resources
    • Utilizes local, network, and enterprise tools, such as HBSS, Blue Coat, and Splunk, for event and incident support in the course of normal duties
    • Accomplishes Reporting, Response, and Analysis duties for alerts that qualify as network security events but do not reach the threshold of declarable network security incidents, such as Traffic Validations and Suspicious Activity alerts
    • Provides Incident Response (IR) support for HBSS DLP violations
    • Provides technical investigative support to the DISA OIG and DoD IG for matters that affect network security but ultimately fall under the purview of these entities
    • Provides technical investigative support to the DISA Counterintelligence (CI) office for matters that affect network security but ultimately fall under the purview of the DISA CI Office, as described in DoDD 5240.06, Counterintelligence Awareness and Reporting (CIAR)
    • Provides technical investigative support to the DISA Office of General Counsel, as directed
    • Fulfills network security (technical) roles of the Incident Response Center for IT Spillages, as defined in DoDM 5200.01 Volume 3, DoD Information Security Program: Protection of Classified Information, CJCSI 6510.01F, Information Assurance (IA) and Support to Computer Network Defense (CND).
    • Other responsibilities, as outlined in the current contract applicable task areas

    *MUST BE A U.S. CITIZEN WITH AN ACTIVE TOP SECRET/SSBI CLEARANCE*

    Qualifications

    Requirements:
    • Experience with DOD 8510 (DIACAP and RMF), DoD 6510 and 8500 series instructions, and NIST 800 series guidance
    • Basic knowledge of cloud computing services and related security matters
    • Basic knowledge of DOD PKI/PKE implementation and related governing policies
    • General knowledge of tools like Axion, FTK, EnCase
    • General knowledge of Splunk
    • Experience with COTS & GOTS network scanning tools (Retina, Tenable Nessus, etc.)
    • Experience with Host Based Security System (HBSS) and McAfee EPO
    • Experience with Automated Compliance Assessment System (ACAS)
    • Experience with web application scanning and reporting tools (Burp Suite)
    • Experience with incident management tracking and reporting tools (Remedy)
    • Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations

    Required Certifications:
    DoDM 8570-01M IAT Level II certification (CompTIA Security+, CASP, C|EH, or similar)


    Desired Certifications:
    DoDM 8570-01M IAT Level III certification (CISSP, CISA, or similar)

    Certifications Required

    none

    Education Requirements

    Education: Associate’s or Bachelor’s Degree in computer sciences, information security, or related fields
    Experience: Minimum 3-5 years relevant experience with Bachelor’s degree, 5-7 years’ experience with Associate’s degree

    Certifications Preferred

    none
