Counterintelligence Cyber Officer Level 3 - Digital Forensics Examiner

Location: Springfield, VA
Date Posted: 11-28-2017
Overall Assignment Description:  To produce, on average, 48 weekly status reports and 12 final digital forensics reports annually, while providing support to CI Cyber Threat and Technical Analyst requirements.
  • Perform Digital Media Acquisition and Digital Forensic Review of various platforms to include Windows, Linux, and Mac OS based systems using a variety digital forensic tools.
  • Investigate suspected instances of computer, mobile device, and network penetrations. Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination (ENCASE and Windows Forensic Toolkit are two of the many tools used for media forensics).
  • Investigate and eradicate computer viruses and malicious code and prepare, write, and present reports and briefings.
  • Provide weekly status updates when conducting forensics.
  • Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance).
  • Personnel will conduct CI cyber inquiries to determine possible foreign intelligence entity involvement with an NGA computer system. In the process of conducting an inquiry, Reports of Inquiry must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance).
  • Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.
  • Experience conducting computer forensics analysis within the Department of Defense and/or IC.
  • Attend periodic CI and law enforcement community cyber investigations awareness briefings.
  • Brief CI cyber products and CI cyber service results to senior NGA leadership.
  • Collaborate with internal and external IC partners to share and gather technical threat information to enhance forensics examinations.
  • Integrate information from forensics examinations and compile results into reports as required.
  • Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.
  • Participate in IC and Department of Defense technical exchange and collaboration meetings as required.
  • Produce detailed CI cyber forensics reports as required.
  • Provide support to all CI mission functions as required.
  • Participate in IC Community and NGA technical meetings and working groups to address issues related to computer security and vulnerabilities.
  • Investigate suspected instances of computer, mobile device, and network penetrations.
  • Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination.
  • Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).
  • Coordinate CI Cyber activities originating from Enterprise Incident Response Events.
  • Conduct liaison between CI Office and CSOC.

Duties may include:
  • Investigate suspected instances of computer, mobile device, and network penetrations.
  • Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination (ENCASE and Windows Forensic Toolkit are two of the many tools used for media forensics).
  • Investigate and eradicate computer viruses and malicious code and prepare, write, and present reports and briefings.
  • Provide weekly status updates when conducting forensics.
  • Provide a written report at the conclusion of each forensics examination.  Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
    • Case File Number
    • Computer Name
    • User Name, File Names, etc… 
    • Background   
    • Investigation Details    
    • Status/Disposition
    • Recommendations
    • Intelligence Information Report (if deemed necessary by government lead)
  • Personnel will conduct CI cyber inquiries to determine possible foreign intelligence entity involvement with an NGA computer system. In the process of conducting an inquiry, Reports of Inquiry must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
    • Case File Number
    • Computer Name
    • User Name 
    • Background   
    • Investigation Details    
    • Status/Disposition
  • Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.
  • Possess experience conducting computer forensics analysis within the Department of Defense and/or Intelligence Community.
  • Attend periodic CI and law enforcement community cyber investigations awareness briefings.
  • Brief CI cyber products and CI cyber service results to senior NGA leadership.
  • Collaborate with internal and external Intelligence Community partners to share and gather technical threat information to enhance forensics examinations.
  • Integrate information from forensics examinations and compile results into reports as required.
  • Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.
  • Participate in Intelligence Community and Department of Defense technical exchange and collaboration meetings as required.
  • Produce detailed CI cyber forensics reports as required.
  • Provide support to all CI mission functions as required.
  • Participate in IC Community and NGA technical meetings and working groups to address issues related to computer security and vulnerabilities.
  • Investigate suspected instances of computer, mobile device, and network penetrations.
  • Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination.
 

Skills and Experience:

Required:
  • Shall possess a minimum of 7 years of continual forensics experience in CI or CI cyber investigations. 
  • Shall possess a Bachelor’s Degree (in Science, Technology, Engineering, or Mathematics preferred).
  • Possess or gain and maintain, at vendor’s expense, a digital forensic examiner certification within six months of assignment. Qualifying certification sources include government, military, and industry. 
  • Must obtain and maintain IAT II certification to comply with DoD 8570.01-M Information Assurance Technical (IAT) requirements within one calendar year of assignment at the sole expense of the vendor.
  • Shall have strong research, critical thinking and analytic skills. Strong written and oral communication skills. Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).


Desired:
  • Possess post-graduate degree in Science, Technology, Engineering, or Mathematics..
  • Be a credentialed graduate of an accredited federal CI, federal law enforcement, DoD CI, or DoD law enforcement training academy.
  • Demonstrate experience with foreign adversaries’ security and intelligence services, terrorist organizations, and cyber threats posed to NGA, DoD and IC partners.
  • Demonstrates experience with the latest forensic technologies such as Access Data Forensic Toolkit (FTK).
  • Possess a DoD Cyber Crimes Investigator certification.
  • Possess a digital forensic examiner certification. Qualifying certification sources include government, military, and industry.


SECURITY CLEARANCE IS REQUIRED
 
AC4S is an Equal Opportunity Employer, including disabled and vets
this job portal is powered by CATS
Powered by CATS.