Job Description
Public Trust: None
Requisition Type: Pipeline
Your Impact
Own your opportunity to serve as a critical component of our nation’s safety and security. Make an impact by using your expertise to protect our country from threats.
Job Description
Seize your opportunity to make a personal impact as a CI Digital Forensics Examiner supporting our intelligence customer. GDIT is your place to make meaningful contributions to challenging projects and grow a rewarding career.
At GDIT, people are our differentiators. As a CI Digital Forensics Examiner, you will help ensure that today is safe and tomorrow is smarter. Our work depends on a TS/SCI level cleared CI Digital Forensics Examiner joining our team to support our customer.
Duties & Responsibilities:
- Perform Digital Media Acquisition and Digital Forensic Review of various platforms to include Windows, Linux, and Mac OS based systems using a variety of digital forensic tools.
- Investigate suspected instances of computer, mobile device, and network penetrations.
- Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination (ENCASE and Windows Forensic toolkit are two of the many tools used for media forensics).
- Investigate computer viruses and malicious code and prepare, write, and present reports and briefings.
- Provide weekly status updates when conducting forensics
- Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
- Case File Number
- Computer Name
- User Name, File Names, etc.
- Background
- Investigation Details
- Status/Disposition
- Recommendations
- Intelligence Information Report (if deemed necessary by government lead)
- Personnel will support CI Incident Assessments to determine possible foreign intelligence entity involvement with the customer’s computer system. In the process of supporting an Incident Assessment, reports must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
- Case File Number
- Computer Name
- User Name
- Background
- Investigation Details
- Status/Disposition
- Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.
- Possess experience conducting computer forensics analysis within the Department of Defense and/or Intelligence Community.
- Attend periodic CI and law enforcement community cyber investigations awareness briefings.
- Brief CI cyber products and CI cyber service results to senior leadership.
- Collaborate with internal and external Intelligence Community partners to share and gather technical threat information to enhance forensics examinations.
- Integrate information from forensics examinations and compile results into reports as required.
- Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.
- Participate in Intelligence Community and Department of Defense technical exchange and collaboration meetings as required.
- Produce detailed CI cyber forensics reports as required.
- Provide support to all CI mission functions as required.
- Participate in IC Community and technical meetings and working groups to address issues related to computer security and vulnerabilities.
- Investigate suspected instances of computer, mobile device, and network penetrations.
- Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).
- Coordinate CI Cyber activities originating from Enterprise Incident Response Events.
- Conduct liaison between CI Office, Insider Threat, Cyber Security Operations Center (CSOC), and other Offices as applicable to conducting the CI Cyber Mission.
Skills and Experience:
Required:
- 7+ years of forensic experience in CI or law enforcement investigations.
- Gain and maintain, at vendor’s expense, a digital forensic examiner certification within six months of assignment. Qualifying certification sources include government, military, and industry.
- Meet minimum training requirements, within one calendar year of assignment, for access to DoD networks in accordance with DoDM 8140.03, by attaining and maintaining at least baseline certification for DoDM 8140.03 Information Assurance Technician Level II compliance.
Desired:
- Be a credentialed graduate of an accredited federal CI, federal law enforcement, DoD CI, or DoD law enforcement training academy.
- Possess post-graduate degree in Science, Technology, Engineering, Mathematics disciplines.
- Possess and demonstrate knowledge and understanding of foreign adversaries’ security and intelligence services, terrorist organizations, and cyber threats posed to customer, DoD and IC partners.
- Possess and provide a DoD Cyber Crimes Investigator certification.
- Experience with the latest forensic technologies such as Access Data Forensic Toolkit (FTK).
- Possess and provide a digital forensic examiner certification. Qualifying certification sources include government, military, and industry.
Location : Customer Site
Clearance : Active TS/SCI with ability to obtain CI Poly
US Citizenship Required
Work Requirements
Years of Experience
7 + years of related experience
* may vary based on technical training, certification(s), or degree
Certification
Travel Required
None
Citizenship
U.S. Citizenship Required
Job Tags
Work at office,