About Us:
The Ohio Department of Administrative Services (DAS), Office of Information Technology (OIT) is seeking an experienced and motivated professional to serve as a Forensic Analyst (Enterprise Security Professional 2) for the Office of Information Security and Privacy (OISP) team within the Office of Information Technology at DAS.
Led by Director Kathleen C. Madden, the Ohio Department of Administrative Services is the engine of state government, providing innovative solutions and supporting the efficient operation of state agencies, boards and commissions. The Office of Information Technology at DAS delivers information technology (IT) and telecommunication services to State of Ohio agencies, boards and commissions.
What You'll Do:
Under general supervision in the Office of Information Security and Privacy, collects and forensically analyzes intrusion artifacts and uses discovered data to enable mitigation of potential incidents within the enterprise:
- Analyzes identified malicious activity to determine weaknesses exploited, exploitation methods and effects on system and information, or evaluates and supports documentation
- Confirms what is known about an intrusion and discovers new information, if possible, after identifying the intrusion via dynamic analysis
- Conducts security forensic activities and reviews security logs to validate access and activity
- Triages malware on a forensic device to the dropper file or source of infection
- Preserves original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
- Follows chain of custody procedures for all digital media acquired in accordance with the Federal Rules of Evidence.
- Examines recovered data for information of relevance to the issue at hand
- Performs virus scanning on digital media
- Prepares digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures)
- Uses network monitoring tools to capture and analyze network traffic associated with malicious activity
- Correlates incident data to identify specific vulnerabilities and makes recommendations that enable expeditious remediation
- Identifies specific vulnerabilities
- Performs real-time Incident Handling tasks to support deployable Incident Response Teams (IRTs)
- Mentors and assists junior staff
Performs other duties as assigned.
*This position requires the employee to be able to obtain a SECRET level U.S. Government security clearance.
What's in it for you:
At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:
Medical Coverage
- Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.
Dental, Vision and Basic Life Insurance
- Dental, vision, and basic life insurance premiums are free after completed eligibility period. Length of eligibility period is dependent on union representation.
Time Away From Work and Work/Life Balance
- Paid time off, including vacation, personal, and sick leave
- 11 paid holidays per year
- Childbirth/Adoption leave
Employee Development Funds
- The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.
Ohio Public Employees Retirement System
- OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee's salary. Visit the OPERS website for more information.
Deferred Compensation
- The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.
Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.
Minimum Qualifications:
Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
- Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981.
- Or equivalent of Minimum Class Qualifications For Employment noted above.
Job Skills: Cybersecurity, Data Analytics, Risk Assessment, Attention to Detail, Interpreting Data
Knowledge:
- Database procedures used for documenting and querying reported incidents
- Forensic lab design configuration and support applications
- Anti-forensic tactics, techniques and procedures
- Reverse engineering concepts
- Incident response and handling methodologies
- Applicable laws
- Basic concepts and practices of processing digital forensic data
- Basic physical computer components and architectures, including the functions of various components and peripherals
- Deployable forensics
- Hacking methodologies in Windows or Unix/Linux environment
- How different file types can be used for anomalous behavior
- Investigative implications of hardware, Operating Systems, and network technologies
- Malware analysis concepts, methodologies and tools
- Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
- Seizing and preserving digital evidence (e.g., chain of custody)
- Different classes of attacks and general attack stages
- Network traffic analysis methods
- Security event correlation tools
Skills:
- Performing root cause analysis for incidents
- Using incident handling methodologies
- Handling malware
- Performing damage assessments
- Preserving evidence integrity according to standard operating procedures or national standards
- Analyzing anomalous code as malicious or benign
- Analyzing memory dumps to extract information
- Analyzing volatile data
- Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
- Identifying and extracting data of forensic interest in diverse media
- Physically disassembling PCs
- Setting up a forensic workstation
- Using binary analysis tools
- Using forensic tool suites
- Using virtual machines
- Identifying obfuscation techniques
Abilities:
- Interpret and incorporate data from multiple tool sources
- Examine digital media on multiple operating platforms
- Draft and compile concise technical reports
*developed after employment