Cloud Security, Digital Forensics, and Incident Response; DFIR Analyst; Principal Cyber Security

Overview

Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA). Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site's Cold War legacy.

Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air. (See NNSS.gov for our unique capabilities.) Our 2,750+ professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.

• Identify and analyze potential cloud-based threats, monitor cloud environments, and respond to security incidents.
• Monitor intrusion detection/prevention systems (IDS/IPS), Security Event and Incident Management (SEIM) tools, endpoint security tools, email gateways, firewalls, network infrastructure, and other appliances for security issues.
• Create logical and physical forensic images of digital evidence via the network or directly from hosts.
• Analyze host-based indicators of compromise or network traffic and analyze additional log, forensic, malware, or other incident response related data as needed.
• Participate as part of an incident response team to detect, respond to, contain, and remediate cyber-related threats against IT assets.
• Seize digital evidence in support of investigations and conduct host-based and network-based forensic analysis of digital evidence.
• Create detailed reports of investigative activity for consumption by internal and external organizations that include Human Resources, the Legal Department, Information Security Officers, and local, state, and federal law enforcement.
• Conduct digital investigations involving breaches of Information Technology (IT) infrastructure, forensic investigations, legal and privacy issues requiring digital investigations, and network forensic investigations handling large scale, complex post-incident investigations, where techniques such as network forensics, malware reverse engineering, log analysis, timeline creation, and host-based forensics have been applied.
• Conducting detailed analysis of systems where breaches of critical IT infrastructure may have occurred and provide root cause analysis, impact assessments and rapid response to aid detection of those responsible and make recommendations to assist in prevention of similar incidents.
• Focus on projects of substantial complexity and broad scope, requiring interdisciplinary coordination.
• Leverage practical experience to independently perform host-based forensic investigations to establish user activity on systems.
• Independently plan, schedule, and direct projects that are guided by established objectives, budgets, and schedules.
• Assist in researching, compiling, and analyzing technical data.
• Be relied upon to multitask as required between responsibilities.
• Review Cyber Security threat information and assist with mitigating vulnerabilities identified.
• Develop standards, practices, and procedures as well as increase technical knowledge to solve problems and complete projects.
• Contribute to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner by maintaining cooperative and respectful working relationships with Cyber Security Staff, other divisions, and customers.
• Perform related duties as assigned.

• Bachelor's degree or equivalent training and experience in a computer-related field and at least 8 years of related experience.
• Ability to conduct investigations on multiple cloud platforms (SaaS, PaaS, IaaS).
• Strong knowledge of Azure, AWS, and Oracle OCI.
• Ability to configure, use, and tune cloud native security tools such as SCNAPP, CSPM, and CASB.
• Demonstrate a thorough understanding of advanced principles, theories, standards, practices, protocols, forensic hardware and software, and procedures used in Digital Forensics/Incident Response.
• Understanding of the Windows Operating System and command line tools, network protocols, and TCP/IP fundamentals.
• Understanding of the Mac Operating System and command line tools.
• Understanding of the
  * Nix Operating System and Command line tools.
• Ability to conduct forensic analysis of mobile devices including Android, iOS, Blackberry, and other cellular and tablet devices.
• Understanding of file system forensics including HFS, NTFS, FAT, EXT, and CDFS.
• Ability to conduct forensic analysis of Windows XP, Vista, 7, 8, 10, and 11 file systems, Mac OSX, and various
  * Nix platforms.
• Preferred
  
  Certifications:
• Access Data Certified Examiner (ACE)
• Certified Forensic Computer Examiner (CFCE)
• GIAC Certified…