Forensic Malware Analyst (TS/SCI)

Red River Computer Co.
San Antonio, TX Full Time
POSTED ON 4/2/2022 CLOSED ON 9/28/2022


Red River is seeking a Forensic Malware Analyst for the 33rd Network Warfare Squadron (33 NWS) conducting Air Force Defensive Cyberspace Operations. This contract provides support 24 hours a day/seven days a week/365 days a year spanning cyber defense, network operations and information protection.

Responsibilities:

The ability of the AFCERT to complete its mission depends upon accurate, timely and thorough execution of computer forensics on suspected and confirmed compromised AF systems in order to determine the method of intrusion and the corrective actions to be taken to prevent or detect similar future activity. The Forensic Malware Analyst contractor may be required to provide 24-hour coverage (shift work) seven (7) days a week, 365 days a year.

  • Document all findings in the investigation/incident log.
  • Track evidence inventory for intake and release of evidence items delivered to the forensics laboratory. This includes ensuring proper handling and maintenance of evidence and chain of custody records.
  • Apply best principles and practices in accordance with CJCSM 65-10.01B Enclosure A in retrieving, recovering, and preserving digital evidence.
  • Utilize leading forensic tools such as EnCase, FTK, CrowdStrike, FireEye, and other systems as required.
  • Conduct analysis of metadata.
  • Conduct forensic examinations of digital media from a variety of sources including preservation, acquisition, and analysis of digital evidence with the goal of developing forensically sound evidence.
  • Confirm malicious activity when new information is identified through the course of forensic analysis.
  • Investigate network and computer intrusions to identify root cause and generate indicators of compromise and document all findings in the investigation/incident log for each file.
  • Perform software reverse engineering of suspected malicious files to verify whether a system compromise occurred, and document all findings in the investigation/incident log for each file.
  • Perform memory forensics and malware reverse engineering and analysis, and extract IOCs (Indicators of Compromise).
  • Parse through multiple gigabytes of log data utilizing native Unix/Linux command line tools.
  • Create and run scripts that will collect and analyze logs utilizing Unix/Linux commands.
  • Analyze Linux/Unix/Windows operating systems, TCP/IP and PCAP data.
  • Perform Hard Drive Analysis of suspected/confirmed infected system and document all findings in the investigation/incident log for each hard drive.
  • Develop methods to identify, contain, log, and analyze malware-based activities on AF AIS and networks.
  • Provide support to AF network administrators on the installation and analysis of packet sniffers on their network topology.
  • Generate forensic reports and synopses presenting complex technical processes and findings clearly and concisely to technical and non-technical audiences.
  • Collaborate with leadership and external agencies, including Counter-Intelligence activities/agencies, OSI, FBI, and other security agencies, to include Incident Responders, as well as other forensic analysts.
  • Provide AF OSI DCO technical support to law enforcement and counter-intelligence activities.
  • Turn any investigation over to AF OSI if it is determined during the course of an investigation a law was broken.
  • Be prepared to travel and support and/or augment Incident Response deployments on same-day notice. This travel will allow responders to support the retrieval of hard drives or miscellaneous storage media, isolate system(s) for additional investigation, and perform other on-site Incident Response actions.
  • Set up a monitor or “cage” at an on-site location.
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Create and document metrics for reporting and analysis to improve weapon system processes and mission execution.
  • Conduct behavioral, static, and dynamic analysis of hard drives and files.
  • Provide requested forensic information to the operational flight commander as it relates to Host Detection processes and procedures.

Qualifications:

  • Active TS/SCI clearance
  • DoD Approved 8570 IAT Level III and CND certifications and GCFA and GREM certifications.
  • 5 years of experience as a Forensic Malware Technician.
  • Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based computers and servers.
  • Strong skill in and understanding of a variety of forensic tools (AccessData FTK, Guidance EnCase, X-Ways Forensics, FireEye, Volatility, Sleuthkit, and BlackBag tools; mobile forensics tools such as Axiom, BlackBag Mobilyze, Cellebrite, and Paraben) and various open source forensic tools.
  • Shell Scripting is a plus.
  • Experience writing intelligence and technical articles for production and dissemination.
  • Very proficient with malware analysis, sandboxing, and software reverse engineering.
  • Proficient with scripting languages such as Python and PowerShell.
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
  • Desired: GCTI and/or ACE certifications and experience.

Red River offers a competitive salary, excellent benefits and an exceptional work environment. You can review our benefit offerings here. If you are ready to join a growing company, please submit your resume and cover letter (optional).

EOE M/F/DISABLED/Vet

Red River is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

COVID Vaccination: Prospective and/or new employees will be required to comply with Red River's COVID vaccination policy (which includes being fully vaccinated to enter a Red River office or attend a Red River event) and, if applicable to the position, government vaccination mandates. Where required, Red River employees must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to applicable vaccination requirements and must have an approved exemption prior to the start of their employment. Customer site vaccination requirements, if more stringent, will take precedence over Red River's vaccination policy. Applicants in need of an exemption due to a sincerely held belief or disability should contact accommodation@redriver.com.

Red River does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless Red River has an active agreement in place with the recruiter and such a request has been made by the Red River Talent Acquisition team and such candidate was submitted to the Red River Talent Acquisition Team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to Red River in violation of this policy may be used by Red River without obligation to pay any fees of any kind to the recruiter.
