Cyber Network Defense Analyst (Cloud)

Gray Tier Technologies is seeking Cyber Network Defense Analysts (CNDA) with Cloud Forensics experience to support this critical customer mission.

Our team provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.

Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity.

Responsibilities:

• Acquire/collect computer artifacts and logs in support of onsite and remote engagements
• Triage electronic devices and assess evidentiary value
• Correlate forensic findings to network events in support of developing an intrusion narrative
• Collect and document system state information (e.g. running processes, network connections) prior to imaging, as required
• Perform forensic triage of an incident to include determining scope, urgency and potential impact
• Track and document forensic analysis from initial participation through resolution
• Collect, process, preserve, analyze and present computer related evidence
• Coordinate with Government staff and customer personnel to validate/investigate alerts or additional preliminary findings
• Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
• Support cloud development and automation projects to enhance threat emulation capabilities
• Assist to document Computer Network Defense (CND) guidance and create reports pertaining to incident findings

Required Skills/Clearances:

• U.S. Citizenship - Active TS/SCI clearance
• Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
• 10+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools
• In depth understanding of SaaS, PaaS and IaaS in the Cloud Environment
• Ability to create forensically sound duplicates of evidence (forensic images)
• Ability to author cyber investigative reports documenting digital forensics findings
• Proficiency with analysis and characterization of cyber attacks
• Knowledge of cloud development and automation tools such as Terraform, Kubernetes, AWS CloudFormation, Azure Resource Manager, and Docker.
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources

Desired Skills:

• Knowledge of strategies/architectures involved in implementing M365/Azure authentication, how these relate to a federated identity solution, and a fundamental understanding of how threat actors would target identity to compromise an environment
• Advanced experience and proficiency across various aspects of IT operations (e.g. networking, virtualization, identity, security, business continuity, disaster recovery, data management, governance)
• Experience and understanding in acquisition, processing and analysis of digital evidence from onsite enterprises and cloud native platforms
• Fundamental understanding of APIs and proficiency with PowerShell/PowerShell modules leveraged to conduct API queries as they relate to Azure/M365
• Proficiency with scripting languages (e.g. Bash, Python, PowerShell, JS) for automation of hunt tools used in commercial cloud environments
• Ability to develop tools, architecture and configurations in Azure environment to support identifying threat actor activity.
• Understanding of how Azure/M365 platform protection is implemented and security operations available

Required Education: BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma & 4-6 years of host or digital forensics experience.

Desired Certifications: - One or more of the following certifications: GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS certifications, Microsoft Azure associated certifications.