Digital Forensics Specialist

About Us

The Department of Public Safety's mission is to safeguard and preserve the lives and property of the people of North Carolina through preparation, prevention, and protection with integrity and honor. Our agency houses many public safety divisions, including Emergency Management, Juvenile Justice and Delinquency Prevention, Alcohol Law Enforcement, Samarcand Training Academy, and the North Carolina National Guard. Join us along with our more than 3,000 employees and 12,000 National Guard members in providing exceptional public safety services to the citizens of North Carolina.

The mission of North Carolina Emergency Management (NCEM) is to enhance North Carolina's resiliency through active collaboration, communication, and coordination of efficient and effective preparedness, response, recovery, and mitigation of all natural and manmade hazards and threats. It is part of the NC Department of Public Safety (NCDPS).

About The Homeland Security Section

The mission of the Homeland Security Section is to provide the Division and the State Emergency Response Team (SERT) with proactive critical infrastructure planning and protection support, situational awareness and intelligence gathering, interagency coordination, and cyber preparedness, mitigation and response in collaboration with local, state, and federal partners. This collaboration includes training and assistance; strategic planning; investigative and intelligence support. The Homeland Security Section also collaborates with local, state and federal partners supporting the education sector in North Carolina.

About The Position

The Digital Forensics Specialist is responsible for assessing specific, potential incidents related to investigations and events, provides specialized technical case and operational support, and produces highly-technical strategic intelligence. Technical analysis provides a detailed picture of events as they occurred and allows an intelligence analyst to connect these events to cyber actors, tools, and tactics, techniques, and procedures (TTPs) inside and outside of the jurisdiction. This Specialist will primarily focus on highly-technical matters and will require multiple certifications and/or extensive cyber training and experience.

This position will perform analysis of raw, primary, and secondary data derived from various sources; including assisting with log analysis, netflow analysis, incident response, malware analysis, computer forensics, and penetration testing services; work alongside Department of Defense, federal, state, and local agencies in addressing threats posed by terrorists, nation-states, and other cybercriminals conducting cyber-attacks; assist with cyber security and provide actionable recommendations regarding the cyber security of partners on local, state, federal, and Department of Defense networks and hunt for indicators of compromise, using various toolsets, based on intelligence gathered.

This position will serve on cyber working groups and Incident Response Teams, as appropriate; monitor a variety of classified, sensitive, partner, and open source reporting for cyber information relevant to partners and/or the Fusion Center domain; coordinate with appropriate personnel, organizations, and units, including but not limited to the Department of Public Safety, the Department of Information Technology, state and federal membership of the Homeland Security Advisor Work Group, state and local law enforcement, and the owners and operators of Critical Infrastructure (CI), the Multi-State Information Sharing and Analysis Center (MS-ISAC) and other Information Sharing and Analysis Organizations (ISAOs).

This position will produce daily, monthly, and/or ad-hoc, actionable intelligence products on emerging cyber incidents, risks, threats, events, or trends; provide actionable strategic and technical intelligence to partners regarding new cyber trends and patterns, TTPs, tools, or actors related to state and Department of Defense networks. The position will work with other Fusion Center staff to ensure that developments in cyber, computer, and network security, and law enforcement investigative capabilities are accounted for in non-cyber focused intelligence production; and take an active part in the gathering, analysis, and communication of threat intelligence through the designated process.

Knowledge Skills And Abilities/Management Preferences

Recruitment Range: 87,617 - 131,426

This is a full-time position (40 hours per week) with State Benefits, including paid vacation, paid sick leave, paid holidays, retirement, and health insurance. This position qualifies for teleworking on a part-time basis as part of the State Telework Program.

Minimum Education And Experience:

• Bachelor’s degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area; OR
• Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT security or closely related area; OR
• An equivalent combination of education and experience.

Management Preferences:

• Ability to attain and maintain a DHS sponsored security clearance.
• Knowledge of incident response and handling methodologies.
• Knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open-source tools, and their capabilities.
• Knowledge of security intelligence threats and threat actors.
• Basic knowledge of various computer and digital forensic methodologies and related tools to extract actionable intelligence.

Key skills/competency

• Incident Response
• Cyber Defense
• Vulnerability Assessment
• Threat Intelligence
• Computer Forensics
• Malware Analysis
• Netflow Analysis
• Penetration Testing
• Log Analysis
• Security Clearance