CYBER SECURITY INCIDENT RESPONSE- FORENSICS ANALYST (CSOC)
Huntsville, AL 
Posted 22 days ago
Job Description
Job Title
CYBER SECURITY INCIDENT RESPONSE- FORENSICS ANALYST (CSOC)
Education
Bachelor's Degree
Location
AL US (Primary)
CYBER SECURITY OPS COMMAND - HUNTSVILLE, AL 35806 US
Career Level
Staff
Category
Information Technology/Cyber Security
Salary Grade
Job Type
Full-time
Job Description

Overview:

Quantum Research International, Inc. (Quantum) provides our national defense, federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and 8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Crestview, FL; Orlando, FL; and Tupelo, MS.

Mission:

Quantum is seeking a highly qualified Cyber Incident Response-Forensics Analyst to support the National Cyber Security Operations Center's DFIR Team. In this role, you will conduct incident response through triage, data collection, analysis, containment and remediation. You will also conduct threat hunting activities to identify previously undetected compromises. Additionally, you will assist the customer in preparing for cyber security incidents by developing playbooks and conducting tabletop exercises.

Responsibilities:

  • Perform Tier 2 or higher analysis in our Security Operations Center to identify incidents or events that require additional investigation.
  • Identify attacker tools, tactics, and procedures (TTPs) and the Indicators of Compromise (IOCs) associated with them, so they can be applied to detection rules, threat hunting missions, and current and future investigations.
  • Analyze submissions to client phishing inbox and investigate for malicious content and attachments.
  • Maintain strict chain-of-custody processes and positive control for devices and media submitted by clients.
  • Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations and root cause analysis.
  • Use remote investigation tooling to examine endpoint and network-based sources of evidence.
  • Communicate investigation findings and present comprehensive and accurate reports, training, and presentations for both technical and executive audiences with recommendations for improvements to client cyber security posture.
  • Other duties as assigned to the IR Analyst, which may include team building, mentorship and execution of leadership tasks.

Requirements:

  • Bachelor's Degree in a relevant technical discipline desired; in lieu of a degree, 4+ years of experience plus applicable certifications may be considered.
    • Applicable certifications include any of the following, alone or in combination: CISSP, CISA, GCFA, GCFE, GNFA, CySA+, GCIA, GCIH, OSCP, Security+, CEH or GSEC.
  • Minimum of 3 years' experience in an Incident Response role conducting host forensics, memory analysis, network traffic analysis, and log analysis; DoD/military experience a plus.
  • Experience using industry standard IR and forensic tools, such as EnCase, Magnet AXIOM, FTK, or open-source forensic suites such as SIFT.
  • Thorough understanding of the incident response lifecycle and digital forensic investigative processes.
  • Strong technical documentation skills, with experience writing reports and explaining technical details in a concise, understandable manner.
  • Competent understanding of IP networking fundamentals, protocols, and port security.
  • Capability to work in a team environment and independently as needed.
  • Ability to travel occasionally within the U.S.
  • Must be able to obtain and maintain a DoD Security Clearance.

Desired Skills and Qualifications:

  • Experience using a Security Information and Event Management (SIEM) platform, such as Splunk.
  • Experience conducting malware and binary analysis, such as basic and advanced static and dynamic analysis, disassembly, and debugging.
  • Experience conducting investigations of a variety of operating systems, including Windows, Linux, and Mac.
  • Experience conducting networked and non-networked acquisition of endpoint data.
  • Certifications: CISSP, CISA, GCFA, GCFE, GNFA, CySA+, GCIA, GCIH, OSCP, Security+, CEH or GSEC.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

# of Hires Needed
1


Job Summary
Company
Quantum Research International Inc
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
4+ years