11 Dec, 2020

Senior Digital Forensics Analyst

  • ManTech
  • Bethesda, MD, USA
Full time Analyst

Job Description

Currently, ManTech is seeking a motivated, mission-oriented Senior Digital Forensics Analyst specialized in advanced MEDEX and Technical Exploitation capabilities to join our team in Bethesda, MD.

Responsibilities include, but are not limited to:

  • Bit-level device acquisition of PCs, Macs, smartphones and other devices.
  • Expert level knowledge of solutions tracking enemy TTPs and exploiting weaknesses in the use of anti-forensic tools.
  • Advanced or Expert technical exploitation tool and script development, artifact pattern analysis, exploitation, and cross set link analysis of digital media ranging from dumb phones, smartphones, Macs, Windows PCs, Linux PCs and other devices.
  • Advanced Technical Exploitation capabilities to include: various operating systems and file systems, internet history analysis, registry analysis, application analysis, and database analysis.
  • Provide expert-level capability in hardware configuration, network/data communications, software development, scripting, and database exploitation.
  • Researching emerging trends, capabilities, and technology.
  • Comfortable executing Python scripts, SQL queries, and other CLI commands.
  • Advanced Technical Exploitation capabilities to include:
    • Expertise in various operating systems and file systems,
    • Analysis and exploitation to include pattern recognition and cross set link analysis of forensic artifacts to include but not limited to internet history, registry, applications, virtual machines, backups, databases, and communications such as messaging and social media.
  • Provide global Technical Exploitation response capabilities to include:
    • Pattern of life and behavioral analysis through media examinations.
    • Provide deployable technical exploitation personnel to meet DOD & partner contingency requirements.
    • Provide expert multi-functional exploitation expertise as required.
    • Coordinate with customer operations on technical exploitation platform & training related issues.

Position Requirements:

  • Bachelor’s degree in Science, Technology, Engineering and Mathematics (STEM) discipline preferred and a minimum of eight years of demonstrated technical exploitation experience and skills such as computer forensics, technical exploitation, reverse engineering, and/or malware analysis.
  • Industry standard forensic certifications such as: EnCase Certified Examiner (EnCE), AccessData Certified Examiner (ACE), Certified Computer Examiner (CCE), or EC-Council, ISACA, (ISC)2, & GIAC related forensic certifications.
  • Must be Department of Defense (DoD) 8570 Compliant, IAT Level II or ability to obtain within six months from starting.
  • Experience with and/or certification in two or more of the following commercial forensic tools: Axiom, EnCase, X-Ways, Blackbag, Physical Analyzer, and Oxygen.
  • Ability to design, implement and document computer forensics services to include evidence seizure, computer forensic analysis and data recovery.
  • Ability to convey technical information effectively and concisely to a wide range of audiences, to include presentations, briefings, and technical intelligence reports.
  • Willing to travel CONUS and/or OCONUS on TDY to include war zones.
  • Must meet CENTCOM physical and physiological deployment requirements to include carrying a weapon, before commencement of work.

Security Requirements:

  • Must possess an active TS/SCI clearance w/ a Counterintelligence (CI) Polygraph.

Highly Desired Experience:

  • Experience in intelligence reporting, investigations, and/or targeting a plus.
  • Experience conducting link analysis and Pattern of Life studies.
  • Experience writing Python scripts and SQL queries preferred.
  • Experience in hardware and/or firmware exploitation.

Physical Requirements:

  • Must be able to remain in a stationary position 50%.
  • Constantly positions self to maintain computers in the lab, including under the desks and in the server closet.
  • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
  • Must be able to detect, determine, perceive, identify, recognize, judge, observe, inspect, estimate, & assess.
  • The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.