Host Cyber Forensics 2 with Security Clearance

Farfield will assist the Federal staff within the Cybersecurity and Infrastructure Protection Agency (CISA) Hunt and Incident Response Team (HIRT), and National Cybersecurity and Assessment and Technical Services (NCATS) branches, with a broad set of support functions.The Hunt and Incident Response Team is DHS''s front line when responding to cyber incidents andproactively hunting for malicious cyber activity. HIRT leverages world-class expertise to lead response,containment, remediation, and asset recovery efforts with its constituents and partners. HIRT providestwo primary functions to its customer. First, HIRT serves as DHS''s primary operations arm in theexecution of the asset response mission delegated to DHS.When any civilian Government agency or critical asset owner operator experiences a cyber-attack, HIRTcan provide remote and onsite advanced technical assistance. Second, HIRT also can be called upon to proactively identify malicious activity, otherwise known as a ''hunt'', specifically focusing on identifyingthreats from sophisticated threat actors that are often undetected, and in situations beyond the capacity and capability of traditional cyber security tools and techniques. *** Requires a Top Secret/SCI clearance and U.S. Citizenship*** We look for experience with: MITRE ATT& CK; Windows Event IDS; familiarity with Linux and Windows artifacts and interpretation; network topologies/ architecture; basic malware analysis; Incident Response and threat hunting (at scale); Advance Persistent Threats (APTs) tactics, techniques and protocols (TTPs); computer forensics, Digital Forensics, Memory Forensics, Red/ Blue/ Purple Team. Basic Qualifications: * Splunk use is a must. Splunk certs are great. Operational use is key* 2-4 years of experience with relevant bachelor''s and experience* 4-6 years of experience with high school diploma and relevant experience* CEH* CHFI* Security+ * Demonstrated use with: FTK, Encase, Axiom. Xways, Autopsy, SIFT, Mandiant HX, FireEye, SOF-ELK, Moloch, Wireshark, Network Miner, NetWitness, CyberChef, Corelightm, Zeek, Bro IDS, Security Onion, ArcSightDesried Qualifications: * Powershell* Python Farfield Systems will provide reasonable accommodations to applicants who are unable to utilize our online application system due to a disability. Please send your request to or call us for assistance at 410-874-9363. Farfield Systems is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Share Apply

Created: 2025-09-06