Cyber Defense Forensics Analysts - Mid

Washington, United States

About Arthrocyber

Arthrocyber LLC is a premier cybersecurity and IT solutions provider focused on defending enterprises and government organizations against today’s most advanced cyber threats. We specialize in incident response, digital forensics, cyber defense, and proactive threat hunting. Our mission-driven team blends technical expertise with innovation to protect critical assets and deliver measurable results.

Position Overview

Arthrocyber LLC is seeking a Cyber Defense Forensics Analysts - Mid to support advanced cybersecurity operations for a U.S. Government civilian agency. This role requires solid experience in host- and network-based forensics, threat detection, and malware analysis. The successful candidate will contribute to investigations by applying strong technical skills, collaborating with senior team members, and ensuring the integrity of sensitive evidence throughout the process.

This position requires an active security clearance.

Responsibilities

  • Strong written and verbal communication skills.
  • Create detections and automation to detect, contain, eradicate, and recover from security threats.
  • Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
  • Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
  • Conduct proactive hunts through enterprise networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
  • Solid knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
  • Solid understanding of attacker tradecraft associated with email, app-based, cloud threats and the ability to apply defensive tactics to protect against threats.
  • Good knowledge of operating system internals and OS security mitigations, and an understanding of security challenges on Windows, Linux, macOS, Android, and iOS platforms.
  • Experience using forensic tools (e.g., EnCase, Sleuthkit, FTK).
  • Ability to perform deep analysis of captured malicious code (e.g., malware forensics).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting, and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.

Required Skills & Experience

  • Active Secret clearance or higher
  • Bachelor’s degree or higher
  • 5+ years of experience performing cyber threat hunting and forensics support for incident response.
  • Certifications addressing identification of malicious system and user activity, incident response in an enterprise environment, timeline artifact analysis, timeline collection, timeline processing, volatile data collection, analysis of profiling of systems and devices, analysis of file and program activity, acquisition, preparation, and preservation of digital evidence, analysis of user communications, advanced IDS concepts, applications protocols, concepts of TCP/IP and the link layer, DNS, fragmentation, IDS fundamentals and initial deployment (e.g., snort, bro), IDS rules (e.g., snort, bro), IPv6, network architecture and event correlation, network traffic analysis and forensics, or packet engineering.

Preferred Qualifications

  • Experience in detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort).
  • Ability to analyze malware and conduct vulnerability scans and recognize vulnerabilities in security systems.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Experience evaluating the adequacy of security designs.
  • Skill in using incident handling methodologies.
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Experience with using protocol analyzers and collecting data from a variety of cyber defense resources.
  • Experience reading and interpreting signatures (e.g., snort).
  • Experience with assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Job Type: Full-time

Pay: From $100,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Flexible spending account
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Referral program
  • Tuition reimbursement
  • Vision insurance

Security clearance:

  • Secret (Required)

Ability to Commute:

  • Washington, DC 20230 (Required)

Ability to Relocate:

  • Washington, DC 20230: Relocate before starting work (Required)

Work Location: In person