Computer Emergency Response Team (CERT) Analyst

Overview

The primary purpose of this position is to work as a member of the Multi-State-information Sharing and Analysis Center (MS-ISAC)/Elections Infrastructure-information Sharing and Analysis Center (EI-ISAC) Computer Emergency Response Team (CERT) to help respond to cyber incidents impacting State, Local, Tribal and Territorial governments.

What You'll Do

• Provide Incident Response, Computer Forensics, and Malware Analysis services to State, Local, Tribal, and Territorial (SLTT) governments, as well as internal teams at CIS

• Perform forensic analysis on compromised systems to identify the extent and nature of the compromise and provide recommendations on remediation steps

• Conduct incident response calls with SLTT governments

• Prepare written technical reports to document the findings that result from both forensic analysis and incident response cases

• Provide support and/or research for any security-related questions or incidents reported from MS-ISAC/EI-ISAC members

• Assist with the analysis of previously undisclosed software and hardware vulnerabilities

• Perform tasks independently with some oversight

• Other tasks and responsibilities as assigned

What You'll Need

• Bachelor’s degree in Digital Forensics, Cybersecurity, Computer Science, or a related field*

• 1+ years’ experience in Incident Response, Forensics, and/or Malware Analysis

• Knowledge of incident response protocols, processes, and techniques

• Knowledge of system and application security threats and vulnerabilities

• Knowledge of adversarial tactics, techniques, and procedures

• Knowledge of various host and network-based security controls

• Familiarity with various operating systems, such as Windows, Linux, and MacOS

• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

• Must be eligible to obtain a National Security Clearance

• Must be authorized to work in the United States

It's a Plus if You Have:

• 1+ years' experience as a Security/Network Administrator or equivalent knowledge

• Experience with scripting languages such as Bash, Perl, or Python

• Experience delivering technical presentations and reports

• Familiarity with various log types (e.g. Windows Event, Web server, Firewall logs, etc…)

• Working knowledge of forensic methodologies and related tools such as FTK, EnCase, and SANS SIFT

• Certifications in related areas (e.g. GCFE, GCFA, GNFA, GCIH, GREM, CCFE, CFCE, etc…)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct

• Dishonest Conduct

• Employment Misconduct

• Alcohol Abuse

• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction)

• False Statements

• Have not resided in the US for three (3) of the past five (5) years