CI Digital Forensics Examiner (Level III) support at Springfield, VA.
Overall Assignment Description: CI Digital Forensic Examiner Subject Matter Expert (SME) tasked to produce, on average per annum, 48 weekly status reports and 12 final digital forensics reports, while providing expert support to CI Cyber Threat and Technical Analyst requirements.

Duties:

• Perform Digital Media Acquisition and Digital Forensic Review of various platforms to include Windows, Linux, and Mac OS based systems using a variety of digital forensic tools.
• Investigate suspected instances of computer, mobile device, and network penetrations.
• Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination (ENCASE and Windows Forensic Toolkit are two of the many tools used for media forensics).
• Investigate computer viruses and malicious code and prepare, write, and present reports and briefings.
• Provide weekly status updates when conducting forensics.
• Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
• Case File Number
• Computer Name
• User Name, File Names, etc…
• Background
• Investigation Details
• Status/Disposition
• Recommendations
• Intelligence Information Report (if deemed necessary by government lead)
• Personnel will conduct CI cyber inquiries to determine possible foreign intelligence entity involvement with an NGA computer system. In the process of conducting an inquiry, Reports of Inquiry must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
• Case File Number
• Computer Name
• User Name
• Background
• Investigation Details
• Status/Disposition
• Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.
• Possess and demonstrate experience conducting computer forensics analysis within the Department of Defense and/or Intelligence Community.
• Attend periodic CI and law enforcement community cyber investigations awareness briefings.
• Brief CI cyber products and CI cyber service results to senior NGA leadership.
• Collaborate with internal and external Intelligence Community partners to share and gather technical threat information to enhance forensics examinations.
• Integrate information from forensics examinations and compile results into reports as required.
• Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.
• Participate in Intelligence Community and Department of Defense technical exchange and collaboration meetings as required.
• Produce detailed CI cyber forensics reports as required.
• Provide support to all CI mission functions as required.
• Participate in IC Community and NGA technical meetings and working groups to address issues related to computer security and vulnerabilities.
• Investigate suspected instances of computer, mobile device, and network penetrations.
• Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).
• Coordinate CI Cyber activities originating from enterprise Incident Response events.
• Conduct liaison between CI Office, Insider Threat, Cyber Security Operations Center, other NGA Offices, and DoD/IC partners as applicable to conducting the CI Cyber Mission.

Skills and Experience:

Required:

• Shall possess a minimum of 7 years of forensics experience in CI or law enforcement investigations.
• Gain and maintain, at vendor’s expense, a digital forensic examiner certification within six months of assignment. Qualifying certification sources include government, military, and industry.
• Possess or obtain certification to comply with DoD 8570.01-M Information Assurance (IA) requirements within one calendar year of assignment at the sole expense of the vendor. Shall possess or obtain and maintain IA II certification. See DoD 8570.01-M for acceptable certifications for each IA level.

Desired:

• Be a credentialed graduate of an accredited federal CI, federal law enforcement, DoD CI, or DoD law enforcement training academy.
• Possess post-graduate degree in Science, Technology, Engineering, Mathematics disciplines.
• Possess and demostrate knowledge and understanding of foreign adversaries’ security and intelligence services, terrorist organizations, and cyber threats posed to NGA, DoD and IC partners.
• Possess and provide a DoD Cyber Crimes Investigator certification.
• Experience with the latest forensic technologies such as Access Data Forensic Toolkit (FTK).
• Possess and provide a digital forensic examiner certification. Qualifying certification sources include government, military, and industry.

• Perform Digital Media Acquisition and Digital Forensic Review of various platforms to include Windows, Linux, and Mac OS based systems using a variety of digital forensic tools.
• Investigate suspected instances of computer, mobile device, and network penetrations.
• Ingest media into an archive, copy media images, and employ advanced media forensics tools during the course of a forensic examination (ENCASE and Windows Forensic Toolkit are two of the many tools used for media forensics).
• Investigate computer viruses and malicious code and prepare, write, and present reports and briefings.
• Provide weekly status updates when conducting forensics.
• Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
• Case File Number
• Computer Name
• User Name, File Names, etc…
• Background
• Investigation Details
• Status/Disposition
• Recommendations
• Intelligence Information Report (if deemed necessary by government lead)
• Personnel will conduct CI cyber inquiries to determine possible foreign intelligence entity involvement with an NGA computer system. In the process of conducting an inquiry, Reports of Inquiry must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
• Case File Number
• Computer Name
• User Name
• Background
• Investigation Details
• Status/Disposition
• Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.
• Possess and demonstrate experience conducting computer forensics analysis within the Department of Defense and/or Intelligence Community.
• Attend periodic CI and law enforcement community cyber investigations awareness briefings.
• Brief CI cyber products and CI cyber service results to senior NGA leadership.
• Collaborate with internal and external Intelligence Community partners to share and gather technical threat information to enhance forensics examinations.
• Integrate information from forensics examinations and compile results into reports as required.
• Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.
• Participate in Intelligence Community and Department of Defense technical exchange and collaboration meetings as required.
• Produce detailed CI cyber forensics reports as required.
• Provide support to all CI mission functions as required.
• Participate in IC Community and NGA technical meetings and working groups to address issues related to computer security and vulnerabilities.
• Investigate suspected instances of computer, mobile device, and network penetrations.
• Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).
• Coordinate CI Cyber activities originating from enterprise Incident Response events.
• Conduct liaison between CI Office, Insider Threat, Cyber Security Operations Center, other NGA Offices, and DoD/IC partners as applicable to conducting the CI Cyber Mission