Advise on the day-to-day activities of the Forensics Laboratory; develop and maintain the biweekly forensic activities report that identifies Forensic Team accomplishments and goals. Participate in IT security meetings and briefings; attend Enterprise Architecture meetings and briefings as required.
Track evidence inventory for intake and release of all evidence items delivered to the forensics laboratory. This includes ensuring proper handling and maintenance of evidence and chain of custody records.
Case intake and logging to include entries/updates to the Case Management System and coordination of case load.
Ensure completed requests for service for all requests are received by the forensic laboratory. This includes verification of all related deliverables.
Read and analyze packet traces and raw log dumps.
Provide support, reports and all related deliverables on "chain of custody" matters.
Create digital forensics reports.
Process a case from intake, processing, and reporting within 2 weeks.
Maintain requests for service for all requests received by the forensic laboratory.
Perform advanced forensics collection techniques using EnCase® software, read and analyze packet traces and raw log dumps.
Provide support, reports, and all related deliverables on "chain of custody" matters.
Attend weekly DHS Focused Operations meetings.
Participate in weekly TSA Network Intrusion Working Group meetings
Perform advanced reverse engineering techniques using debugging software, and behavioral analysis techniques.
REQUIREMENTS: Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required, with SCI previously held.
6 years of strong security experience is required.
Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
Proficiency in using and evaluating results from tools including, but not limited to: EnCase, FTK, Sawmill, Norman Sandbox, IDA Pro, and HBGary.
Proficiency with operating platforms including, but not limited to: Windows, Apple, and Linux.
Previous experience with handling and processing of digital evidence to include imaging, chain of custody, and analysis
Hands on experience with processing large data sets and RAID configurations
Familiarity with networking technologies and packet structure.
Experience as a court recognized expert witness in the area of digital evidence collection.
Prior experience writing objective, accurate, and concise reports effectively communicating all findings to stakeholders
Industry standard Forensic Certifications such as EnCE or SANS GIAC preferred.