Lead Forensic Analyst (Enterprise Information Security Professional 2)

About Us:

The Ohio Department of Administrative Services (DAS), Office of Information Technology (OIT) is seeking an experienced and motivated professional to serve as a Forensic Analyst (Enterprise Security Professional 2) for the Office of Information Security and Privacy (OISP) team within the Office of Information Technology at DAS. 

Led by Director Kathleen C. Madden, the Ohio Department of Administrative Services is the engine of state government, providing innovative solutions and supporting the efficient operation of state agencies, boards and commissions. The Office of Information Technology at DAS delivers information technology (IT) and telecommunication services to State of Ohio agencies, boards and commissions. 

What You'll Do:

Under general supervision in the Office of Information Security and Privacy, collects and forensically analyzes intrusion artifacts and use discovered data to enable mitigation of potential incidents within the enterprise:

• Analyze identified malicious activity to determine weaknesses exploited.
• Exploitation methods & effects on system &
• information or evaluate & support documentation
• Confirms what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis
• Conducts security forensic activities and review security logs to validate access and activity.
• Triages malware of a forensic device to the dropper file or source of infection.
• Preserves original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
• Follows chain of custody  procedures for all digital media acquired in accordance with the Federal Rules of Evidence.
• Examines recovered data for information of relevance to the issue at hand
• Performs virus scanning on digital media
• Prepares digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures)
• Uses network monitoring tools to capture and analyze network traffic associated with malicious activity
• Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation 
• Identifies specific vulnerabilities
• Performs real-time Incident Handling tasks to support deployable Incident Response Teams (IRTs)
•  Mentors and assists junior staff

Performs other duties as assigned. 

*This position requires the employee to be able to obtain a SECRET level U.S. Government security clearance.

What's in it for you:

At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:

Medical Coverage

• Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans. 

Dental, Vision and Basic Life Insurance

• Dental, vision, and basic life insurance premiums are free after completed eligibility period. Length of eligibility period is dependent on union representation.

Time Away From Work and Work/Life Balance

• Paid time off, including vacation, personal, and sick leave 
• 11 paid holidays per year
• Childbirth/Adoption leave

Employee Development Funds

• The  State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.

Ohio Public Employees Retirement System

• OPERS is the retirement system for State of Ohio employees.  The employee contributes 10% of their salary towards their retirement.  The employer contributes an amount equal to 14% of the employee's salary.  Visit the OPERS website for more information.

Deferred Compensation

• The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.

Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.

Minimum Qualifications: 

Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data. 
-Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981.
-Or equivalent of Minimum Class Qualifications For Employment noted above.
Job Skills: Cybersecurity, Data Analytics, Risk Assessment, Attention to Detail, Interpreting Data

Knowledge:

1. Database procedures used for documenting and querying reported incidents
2. Forensic lab design configuration and support applications
3. Anti-forensic tactics, techniques and procedures
4. Reverse engineering concepts
5. Incident response and handling methodologies
6. Applicable laws
7. Basic concepts and practices of processing digital forensic data
8. Basic physical computer components and architectures, including the functions of various components and peripherals
9. Deployable forensics
10. Hacking methodologies in Windows or Unix/Linux environment
11. How different file types can be used for anomalous behavior
12. Investigative implications of hardware, Operating Systems, and network technologies
13. Malware analysis concepts, methodologies and tools
14. Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
15. Seizing and preserving digital evidence (e.g., chain of custody)
16. Different classes of attacks and general attack stages
17. Network traffic analysis methods
18. Security event correlation tools

Skills:

1. Performing root cause analysis for incidents
2. Using incident handling methodologies
3. Handling malware
4. Performing damage assessments
5. Preserving evidence integrity according to standard operating procedures or national standards
6. Analyzing anomalous code as malicious or benign
7. Analyzing memory dumps to extract information
8. Analyzing volatile data
9. Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
10. Identifying and extracting data of forensic interest in diverse media
11. Physically disassembling PCs
12. Setting up a forensic workstation
13. Using binary analysis tools
14. Using forensic tool suites
15. Using virtual machines
16. Identifying obfuscation techniques

Abilities:

1. Interpret and incorporate data from multiple tools sources
2. Examine digital media on multiple operating platforms
3. Draft and compile concise technical reports

*developed after employment