Assembles and coordinates with customer technical teams and third parties to resolve incidents as quickly and efficiently as possible
Ensures adequate and timely receipt, tracking, and response to eDiscovery and computer forensic requests to meet audit, compliance and legal requirements
Conducts forensic examinations of electronic evidence, including computer-related equipment and mobile devices
Prepares written reports of forensic examination findings and briefs senior leadership
Uses forensic software applications to analyze electronic media
Physically disassembles and reassembles computers and related hardware
Monitors the collection, documentation, transportation, labeling, and security of evidence during forensic processing
Performs a variety of highly technical analyses and procedures dealing with the collection, processing, preservation, analysis, and presentation of computer-related evidence, and is responsible for disseminating and reporting cyber-related activities.
Preserves and analyzes data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
Supervises the investigations of network intrusions to determine the cause and extent of the breach.
Preserves, harvests, and processes electronic data according to the DHS’s policies and practices.
Utilizes forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files.
If requested, assists law enforcement officers in helping to solve cybercrimes or find electronic evidence of other kinds of crime.
This position could be deployed in the field on-site at a DHS customer to support/perform incident response or cyber hunt activities if the need arises.
This position could possibly be designated as critical to agency operations and may be required to be deployed as part of an Emergency Relocation Group (ERG) in conjunction with COOP deployment or emergency activation team.
Active Top Secret Security Clearance with SCI eligibility is required. In addition, must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment.
Certifications: One or more of the following certification(s): GCFE, GCFA, GREM, EnCase, SANS Institute Forensic Toolkit (SIFT) or FTK vendor certifications and product experience.
CISM is preferred.
Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
10-15 years of related experience in data security administration.