Ohio Department of Administrative Services – Columbus, OH

Enterprise Information Security Professional

Closes: 02/24/2020

The Ohio Department of Administrative Services, Office of Information Technology, is seeking an Enterprise Information Security Professional 2 to join the information security team and perform the following duties:
Under general supervision in the Office of Information Security and Privacy, collects and forensically analyzes intrusion artifacts and uses discovered data to enable mitigation of potential incidents within the enterprise:

  • Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion
  • Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis
  • Decrypt seized data using technical means
  • Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
  • Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
  • Examine recovered data for information of relevance to the issue at hand
  • Perform file signature analysis
  • Perform static and live forensic analysis
  • Perform timeline analysis as well as static malware and media analysis
  • Perform virus scanning on digital media
  • Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures)
  • Provide technical assistance on digital evidence matters to appropriate personnel
  • Serve as technical expert and liaison to law enforcement personnel and explain incident details, provide testimony, etc.
  • Use an array of specialized computer investigative techniques and programs to resolve the investigation
  • Use network monitoring tools to capture and analyze network traffic associated with malicious activity
  • Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Identify the specific vulnerability and make recommendations that enable expeditious remediation
  • Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
  • Write and publish guidance and reports on incident findings to appropriate constituencies
  • Perform real-time Incident Handling tasks to support deployable Incident Response Teams (IRTs)

Perform other related duties as needed:

  • Work as a team lead and assist other staff when needed
  • Assist and train lower level data security personnel in incident response and incident analysis processes

*This position requires the employee to be able to obtain a SECRET level U.S. Government security clearance.

Qualifications

Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.

-Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981.

-Or equivalent of Minimum Class Qualifications For Employment noted above.

Knowledge

  1. Database procedures used for documenting and querying reported incidents
  2. Forensic lab design configuration and support applications
  3. Anti-forensic tactics, techniques and procedures
  4. Reverse engineering concepts
  5. Incident response and handling methodologies
  6. Applicable laws
  7. Basic concepts and practices of processing digital forensic data
  8. Basic physical computer components and architectures, including the functions of various components and peripherals
  9. Deployable forensics
  10. Hacking methodologies in Windows or Unix/Linux environment
  11. How different file types can be used for anomalous behavior
  12. Investigative implications of hardware, Operating Systems, and network technologies
  13. Legal rules of evidence and court procedure
  14. Malware analysis concepts, methodologies and tools
  15. Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
  16. Seizing and preserving digital evidence (e.g., chain of custody)
  17. Different classes of attacks and general attack stages
  18. Network traffic analysis methods
  19. Security event correlation tools

Skills

  1. Performing root cause analysis for incidents
  2. Using incident handling methodologies
  3. Handling malware
  4. Performing damage assessments
  5. Preserving evidence integrity according to standard operating procedures or national standards
  6. Analyzing anomalous code as malicious or benign
  7. Analyzing memory dumps to extract information
  8. Analyzing volatile data
  9. Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
  10. Identifying and extracting data of forensic interest in diverse media
  11. Physically disassembling PCs
  12. Setting up a forensic workstation
  13. Using binary analysis tools
  14. Using forensic tool suites
  15. Using virtual machines
  16. Identifying obfuscation techniques

Abilities

  1. Decrypt digital data collections
  2. Interpret and incorporate data from multiple tool sources
  3. Examine digital media on multiple operating platforms
  4. Draft and compile concise technical reports