Media Malware Analyst


On this contract that is pending final award in November 2016, CSRA will support a cyber center of excellence that serves Department of Defense personnel and several Federal agencies.

The program delivers digital forensics and multimedia (D/MM) lab services, incident response, cyber tool/capability development, and cyber analytical support for information assurance (IA), critical infrastructure protection (CIP), law enforcement and counterintelligence (LE/CI), document and media exploitation (DOMEX), and counterterrorism (CT).

The candidate will have the opportunity to gain Department of Defense forensic certifications while under mentorship. The work will be performed in a laboratory accredited by the American Society of Crime Laboratory Director’s Laboratory Accreditation Board (ASCLD/LAB).

Media, Malware Analyst is the forensic analysis of media and software reverse engineering.

Essential Job Functions

  • Designs audits of computer systems to ensure they are operating securely and that data is protected from both internal and external attack. Makes recommendations for preventive measures as necessary.
  • Assesses assigned system to determine system security status. Designs and recommends security policies and procedures to implement; ensures compliance to policies and procedures.
  • Designs training materials for computer security education and awareness programs.
  • Evaluates highly complex security systems according to industry best practices to safeguard internal information systems and databases.
  • Defines and reviews security requirements and subsequently reviews complex systems to determine if they have been designed and established to comply with established standards.
  • Leads investigations of security violations and breaches and recommends solutions; prepares reports on intrusions as necessary and provides analysis summary to management.
  • Responds to more complex queries and request for computer security information and reports from both internal and external customers.
  • Provides technical consultation on highly complex tasks; may assist and/or provide limited direction to lower level technical personnel.
  • Provides product recommendations of security packages to customers; Reviews vendor products and makes recommendations as appropriate. Conducts cost analyses to determine feasibility of new products for clients.
  • Develop and release government approved analysis findings in technical analysis reports
  • Identify unique indicators, TTPs, patterns, or heuristics from malware artifacts for the development of detection and mitigation strategies
  • Collaborate with anti-virus vendors for malware submissions to aid vendor anti-virus updates
  • Extract malicious files from digital media and sources
  • Identify, analyze, and document adversarial activities to gain unauthorized access to DoD systems
  • Analyze to determine sophistication, priority, and threat of identified malware
  • Examine media and malware analysis reports and operational reporting from DoD incidents to correlate similar events, tradecraft, and TTPs of malicious activity
  • Develop metrics and trending/analysis reports of malicious activity used to compromise the DODIN
  • Develop, document, and convey operational requirements for the development, procurement, or implementation of media, malware analysis capabilities such as the Joint Malware Catalog (JMC), Joint Indicator Database (JID), Joint Incident Management System (JIMS), and Unified Cyber Analytics Portal (UCAP)
  • Develop and conduct update briefs, presentations, and papers to USCYBERCOM leadership to ensure situational awareness and status are conveyed related to the assigned project areas
  • Conduct log and system analysis for various system and network capabilities to include routers, Windows, and UNIX
  • Update DoD shared situational awareness mechanisms to include USCYBERCOM websites, Wikipedia style solutions, and collaboration/chat mechanisms
  • Identify new exploits and security vulnerabilities, analyze behavior of malicious code, research open source data, document host/network signatures, and develop mitigation and remediation strategies
  • Provide MD5 Hash updates. Validate, update, post and maintain MD5 Hash list for signature repository
  • Conducts analysis on the lifecycle of adversary anatomy of attack and exploitation and the associated tools, malware, and encryption mechanisms utilized
  • Identify patterns in reported compromises and identify additional compromises as part of the same incident.

Basic Qualifications

  • CISSP certification preferred
  • Bachelor’s Degree or higher from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline
  • Master’s Degree may be substituted for two (2) years of relevant experience
  • Seven or more years of experience in computer science, management information systems, or data security experience
  • Experience working with information security practices, networks, software, and hardware
  • Experience working with computer programming
  • Experience working with operating systems
  • Experience working with computer desktop packages such as Microsoft Word, Excel, etc.
  • Experience working with security architecture

Other Qualifications

  • Strong analytical and problem solving skills for resolving security issues
  • Good organization skills to balance work and lead projects
  • Basic leadership skills to effectively mentor and lead junior level personnel
  • Good interpersonal skills to interact with customers and team members
  • Strong communication skills to interact with team members and support personnel
  • Strong skills implementing and configuring networks and network components
  • Ability to work with relational databases
  • Ability to work in a team environment

CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Job Type: Regular
Schedule: Full-time
Remote Work Authorized: No
Relocation Assistance: Not Available
Travel: Yes, 25 % of the Time
Clearance Level: Secret
Employee Status: Regular


. . . . . . . .

Leave a Reply