Digital Media Analysis (DMA) SME (CBP)
Task Order: TO-CBP
Req ID: Digital Media Analysis (DMA) SME (CBP)
Tier: Tier 4
LCAT: Subject Matter Expert – Mid
Shift: Regular Days (non-shift work)
The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services for CBP information systems, including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates and reports any suspected and confirmed security violations.
The Digital Media/Computer Forensic SME will perform the following:
Utilize state-of-the-art forensics tools (FTK, EnCase, etc.) to perform computer and mobile phone forensics and memory analysis (Volatility, Rekall) in support of incident response.
Conduct reverse engineering of suspicious files utilizing dynamic, automated and static analysis.
Properly preserve evidence, maintain chain of custody and write malware analysis or forensic reports.
Must have at least one of the following certifications:
EnCase: EnCE, SANS GIAC: GCFA, ISC2: CISSP
Education and Experience:
Five years of experience with a Bachelor’s degree in a Science or Engineering field, IT, or Cybersecurity, or 7 years of relevant experience in lieu of a degree. Relevant experience in media (endpoint/cell phone) forensics, reverse engineering or dynamic/static malware analysis.
Experience with hard disk forensics and memory analysis
Forensics on Windows, Linux and Mac
Mobile Device Forensics
SANS GREM certification
SANS Mobile phone forensics certification
Experience performing computer/media forensics in the Federal Government, DOD or Law Enforcement
Cyber Kill Chain knowledge