The Contractor shall:
- Advise on the day-to-day activities of the Forensics Laboratory; develop and maintain the biweekly forensic activities report that identifies Forensic Team accomplishments and goals. Participate in IT security meetings and briefings; attend Enterprise Architecture meetings and briefings as required.
- Track evidence inventory for intake and release of all evidence items delivered to the forensics laboratory. This includes ensuring proper handling and maintenance of evidence and chain of custody records.
- Case intake and logging to include entries/updates to the Case Management System and coordination of case load.
- Ensure completed requests for service for all requests are received by the forensic laboratory. This includes verification of all related deliverables.
- Read and analyze packet traces and raw log dumps.
- Provide support, reports and all related deliverables on "chain of custody" matters.
- Create digital forensics reports.
- Process a case from intake, processing, and reporting within 2 weeks.
- Maintain requests for service for all requests received by the forensic laboratory.
- Perform advanced forensics collection techniques using EnCase® software, read and analyze packet traces and raw log dumps.
- Provide support, reports, and all related deliverables on "chain of custody" matters.
- Attend weekly DHS Focused Operations meetings.
- Participate in weekly TSA Network Intrusion Working Group meetings.
- Perform advanced reverse engineering techniques using debugging software, and behavioral analysis techniques.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret clearance is required, and applicants must be clearable to the Top Secret level.
- 6 years of strong security experience is required.
- Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
- Proficiency with utilizing and evaluating results from a set of tools including, but not limited to: EnCase, FTK, Sawmill, Norman Sandbox, IDA Pro, and HBGary.
- Proficiency with operating platforms including, but not limited to: Windows, Apple, and Linux.
- Previous experience with handling and processing of digital evidence, to include imaging, chain of custody, and analysis.
- Hands-on experience with processing large data sets and RAID configurations.
- Familiarity with networking technologies and packet structure.
- Experience as a court-recognized expert witness in the area of digital evidence collection.
- Prior experience writing objective, accurate, and concise reports effectively communicating all findings to stakeholders.
- Industry standard Forensic Certifications such as EnCE or SANS GIAC preferred.