Employment Type: Full-time

Responsibilities: The DHS’s Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front line response for cyber incidents and proactively hunting for malicious cyber activity. This team performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches. We provide HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities

Metronome, LLC is seeking a Host Based Systems Manager to support this critical customer mission.

• Acquires/collects computer artifacts (e.g., malware, user activity, link files, etc.) from systems in support of onsite engagements
• Assesses evidentiary value by triaging electronic devices
• Correlates forensic findings with network events to further develop an intrusion narrative
• When available, collects and documents system state information (running processes, network connections, etc.) prior to imaging
• Performs incident triage from a forensic perspective to include determination of scope, urgency and potential impact.
• Tracks and documents forensic analysis from initial involvement through final resolution
• Collects, processes, preserves, analyzes and presents computer related evidence 
• Coordinates with others within the Government and with customer personnel to validate/investigate alerts or other preliminary findings
• Conducts analysis of forensic images and other available evidence and drafts forensic write-ups for inclusion in reports and other written products
• Assists to document and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies

Required Qualifications:

• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability
• One of the following combinations of Education and Experience
  • 4-6 years of host-based investigations or digital forensics experience with a High school diploma; OR
  • 2-4 years of host-based investigations or digital forensics experience with a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline
• Ability to create forensically sound duplicates of evidence (forensic images)
• Able to write cyber investigative reports documenting digital forensics findings
• Experience with the analysis and characterization of cyber attacks
• Experience with proper evidence handing procedures and chain of custody protocols
• Skilled in identifying different classes of attacks and attack stages
• Knowledge of system and application security threats and vulnerabilities
• Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources
• Must be able to work collaboratively across physical locations

Desired Qualifications:

• Experience with the following tool sets:
  • EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, GRR
• Experience with conducting all-source research
• Desired Certifications: GCFA, GCFE, EnCE, CCE CFCE, CISSP

Work Schedule: Core Hours

Background Screening/Check/Investigation: Successful Completion of a Background Check will be required as a condition of hire.

Benefits: Metronome offers a comprehensive benefits package that reflects our commitment to creating a diverse and supportive workplace.  Benefit eligibility is determined on the type of position (full-time, part-time, temporary). Metronome’s range of benefits include, but are not limited to, Medical, Vision & Dental Insurance, Life Insurance, Paid Time-Off & Company Paid Holidays, Personal Development & Learning Opportunities.

Application Process: Please follow all instructions carefully. Errors or omissions may affect your consideration for employment.

1. Select Create Profile and Apply to Requirement
2. Complete your Profile and Answer the Questionnaire
3. Upload a current resume
4. Complete the Online Application and Submit

Evaluation Process: Metronome will evaluate applicants based on how well they meet the qualifications of the position above. Your completed application (including questionnaire, resume, and online application) will be used to determine your eligibility and how well you meet the qualifications for this position.

Your responses to the questionnaire may be compared to your resume and application; if either your resume or application contradicts or does not support your responses, you will disqualify yourself and not receive further consideration for this job.

Equal Employment Opportunity Policy

Metronome does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.

Reasonable Accommodation Policy

Metronome is committed to providing reasonable accommodations to applicants with disabilities where appropriate. A reasonable accommodation is any change to a job, the work environment, or the way things are usually done that enables an individual with a disability to apply for a job, perform job duties or receive equal access to job benefits.

Applicants requiring reasonable accommodation for any part of the application process or hiring process should contact Metronome Human Resources at hr@wearemetronome.com or 703-957-4082. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.