Remote Cyber Incident Mgmt Network Forensics

The Josef Group Inc.  Washington DC-Baltimore Area (Remote)

NEW DoD Program

TS/SCI clearance is required

Basic understanding of host and network forensics and log review; the ability to differentiate between benign and malicious activity; experience with firewalls, incident response, Windows event log management and Windows event IDs, the MITRE ATT&CK framework, attack vectors, and adversary tactics, techniques, and procedures (TTPs); and an understanding of the legal requirements that apply to incident handling.

Operational use of Splunk, plus intermediate proficiency with and understanding of the following tools: FTK, EnCase, Axiom, X-Ways, Mandiant HX, FireEye, SOF-ELK, Moloch, Wireshark, NetworkMiner, NetWitness, CyberChef, Corelight, Security Onion, ArcSight, Zeek (Bro), Gigamon or other packet brokers, the ELK Stack, Sourcefire, Tanium, Palo Alto, tcpdump, tshark, Nagios, Suricata, setup and administration of various firewalls and routers, DomainTools Iris, and AWS, Azure, and Google Cloud.