Search Open/Close
Open/Close Header Details
Search
Friday, March 29, 2024

TCW - Forensics Analyst II (Texas)

TCW - Forensics Analyst II (Texas)

Apply for this position: Send a Microsoft Word copy of your resume to: HR@zavda.com

Clearance: TS/SCI with Polygraph

Zavda was founded in 2006 and is a SDB certified, Service Disabled Veteran owned, and Woman owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sector.  Zavda is looking for a Forensics Analyst.

Job Description:
The Forensics Analyst serves as a Cyber Forensics Analyst responsible for conducting detailed digital forensics, host-based analysis, including imaging, digital media processing, and memory capture and data log analysis. Locates and identifies digital evidence. Extracts and carves files from collected evidence.  Analyzes intrusion techniques and tradecraft. Assists in root cause and attribution analysis. Identifies, collects, and analyzes relevant host-based artifacts. Maintains cyber hygiene of forensic media and analysis environment. Supports chain of custody throughout incident lifecycle. Configures and utilizes virtualized and/or forensics computer system environments.

Required:

  • Create and maintain chain-of-custody documentation throughout incident response.
  • Perform forensically sound evidence collection and analysis.
  • Provide technical summary of findings in accordance with established reporting procedures.
  • Knowledge of host communications to include common ports, default services of common operating systems.
  • Collect and review artifacts (such as media, live system memory, images, equipment, network traffic, logs, or software).
  • Conduct initial analysis of log files, evidence, and other information.
  • Perform file system forensic analysis to include recovery of hidden and deleted content such as page files, volume shadow copies, or unallocated space.
  • Utilize appropriate tools to decrypt seized data from sources such as full disk encryption and collected malware.
  • Carve data using manual and techniques for tools such as Forensic Tool Kit (FTK), EnCase, and other open-source tools and scripts.
  • Generate, research, and identify content based on file hashes.
  • Search and analyze Windows registry-related content.
  • Perform forensic incident handling tasks (such as forensic collections, host analysis, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of flyaway Incident Response Teams (IRTs).
  • Perform file signature and timeline forensics analysis.
  • Recognize obfuscation and encryption detection techniques along with and understands applicable decoding methods to advance evidence processing during analysis.
  • Possess knowledge of data carving tools and techniques to include restoring deleted artifacts from unallocated disk storage and from system memory (RAM).
  • Detect anti-forensics techniques and tactics.

Education / Experience:

  • Two (2) years of demonstrated experience as a Cyber Forensics Analyst in programs of similar scope, type and complexity is required.
  • Two (2) years of demonstrated experience using at least two forensic tool suites similar to EnCase, Sleuthkit, FTK, X-WAYS, REKALL, or Axiom.
  • Three (3) years of demonstrated experience working on Windows and Linux operating systems as a Systems administrator or in Software Development and Information Technology Systems (DevOps).
  • Requires DoD 8570 compliance with CSSP Incident Responder baseline certification. (ie-CEH, CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER, PenTest+) Any of the listed certs meet this requirement.
  • Information Assurance Technical (IAT) Level II or Level III certification (ie-CCNA Security, CySA+, GICSP, GSEC, Security+, CND, SSCP) Any of the listed certs meet this requirement.
  • Computing Environment (CE) certification.
  • Requires Global Information Assurance Certification Forensic Analyst (GCFA) or Global Information Assurance Certification Forensic Examiner (GCFE).

Equivalent: The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.  

Job Location:

  • San Antonio, TX

Work Schedule: 8-hour shift, M-F.  Core hours 10am-2pm
Zavda is a small business and an equal opportunity employer- Veteran/Female/Minorities/Individual with Disabilities.  With Zavda you have the opportunity to provide dependable solutions and support that with benefit the national security missions.  Zavda prides itself to providing continual professional growth and success for the Zavda Team.

Back To Top