The CGI Federal Security Operations Center (SOC) is seeking a mid-level Digital Forensic Analyst to support intrusion and insider threat investigations for internal and external customer incidents. The Digital Forensic Analyst will be responsible for using a wide variety of forensic tools and investigative methods to find specific electronic data; locate malicious code; determine the infection vector, scope of the compromise, malware artifacts and possible data exfiltration activity; and find documents, photos and e-mails that have been deleted, damaged or otherwise manipulated on computer hard drives and other data storage devices, such as zip and flash drives.
Your future duties and responsibilities:
• Conducting data forensic investigations for enterprise computer security incidents including but not limited to internal and external intellectual property theft, attacks/intrusions, computer abuse and insider threats investigations
• Demonstrated skill performing operational software/hardware testing on digital equipment and other electronic devices.
• Ability to follow through on leads until all possible avenues in investigating a case have been exhausted.
• Prepare reports and document case details, development and outcome.
• Experience performing log analysis.
• Analyze data and investigative information.
• Demonstrated skill in performing post-incident computer forensics without destruction of critical data.
• Organize all relevant case information in an easy-to-understand format.
Required qualifications to be successful in this role:
• Ability to read and interpret PCAP data
• Ability to review and interpret host-based alerting
• Ability to work greater than 40 hours per week as needed
• Ability to act as full-time on-call for escalation of cyber security incidents
• Experience with Digital Forensics tools (e.g., EnCase, FTK).
• Experience with SIEM platforms (e.g., Splunk, ArcSight)
• Experience with Microsoft, Apple, and Linux-based operating systems.
• Experience with EnCase or similar forensics tools as a Digital Forensics Analyst
• Extensive experience in Forensic Analysis of compromised systems
• Strong knowledge of policies and procedures regarding chain of custody practice
• Familiarity with forensic artifacts typically found on Windows and Linux operating systems
• Knowledge of proper forensic investigation techniques when working with compromised system images or files
• Be able to provide training and mentoring to other team members
• Bachelor's degree, or five plus years of work experience with Digital Forensic investigations in lieu of a B.S. degree
• Five plus years of experience in Investigative or Incident Response Environments
• Five plus years of Computer Forensic Experience
• Five plus years of Technical Report Writing Experience
• Five plus years of experience with EnCase, FTK, X-Ways or Other Computer Forensic Tools
• Digital Forensic and Incident Response Certifications such as GCFE, GCFA, CHFI, CCE, CFCE
• Prefer proficiency with EnCase and be able to summarize the findings in a formal technical report
• One or More Related Certifications such as the EnCE, CFCE, GCFE or GCFA
• Knowledge of a programming or scripting language
• Experience with volatile memory analysis
Due to the nature of the government contract, US Citizenship and the ability to hold a clearance is required.
What you can expect from us:
At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company – one that has grown to 65,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients – and for our members. Come grow with us. Learn more at www.cgi.com.
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.
We wish to thank all applicants for their interest and effort in applying for this position; however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary depending upon specific assignment, or upon any US government security clearance if required. Qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, pregnancy, or other status protected by law. CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.