DFIR Restoration and Recovery System Admin
Booz Allen Hamilton
The Opportunity:
Your combination of people skills and system administrator knowledge makes you the team hero, solving one problem after another. What if you could use those skills to improve the technology supporting Digital Forensics and Incident Response (DFIR)? We’re looking for a system administrator to be one of the first responders helping organizations navigate through the investigation and recovery associated with a cyber event.
As a systems administrator on our project, you’ll be the lead managing the collection and preservation of the forensic evidence. You’ll guide your team as they provide customers insight into their network through the remediation and recovery process. We focus on growing as a team, so you’ll share your expertise through leadership and mentoring as you help the team work through challenges and develop new methodologies. As a technical leader, you’ll identify new opportunities to modernize the network to help your customers meet their needs. Join our team and solve daily challenges as we improve.
Join us. The world can’t wait.
You Have:
3+ years of experience with system administration in mid- to large-sized MS Windows, Azure, or Linux environments
1+ years of experience providing onsite remediation and restoration support for companies recovering from a cyber incident
Experience collecting and preserving digital forensic evidence for investigations using tools such as FTK Imager or Paladin
Experience installing EDR sensors, including Carbon Black, SentinelOne, or CrowdStrike, and configuring Active Directory Certificate Services (ADCS) and Internet Information Services (IIS)
Experience with Active Directory (AD) structure, including maintaining high availability and data consistency for AD objects, users, groups, and organizational units so that AD remains available for the various authentication services used by users or equipment
Knowledge of multiple technologies in differing environments
Knowledge of configuration management process to ensure consistent and secure modifications to equipment configurations
Ability to deploy patches to endpoint servers and clients, ensure latest patches are being downloaded, develop maintenance windows to ensure minimal downtime when applying patches, and ensure patches are tested prior to being deployed to operational servers and clients
Ability to travel up to 90% of the time
HS diploma or GED
Nice If You Have:
Experience providing technical recovery support to complex systems
Experience working independently and collaboratively with clients to troubleshoot and correct operational issues as quickly as practicable
Experience configuring, implementing, and troubleshooting with Dell PowerEdge R940 servers, iDRAC, HP iLO, VMware vSphere, VMware vCenter Server, Hyper-V, ESXi Host and Servers, Windows Server 2012 R2 and later, Active Directory (AD), AD Certificate Services, and various firewalls
Ability to establish goals and meet project plan objectives
Ability to interface with customers and members of different departments at differing levels, including up to C-Suite
Possession of excellent verbal and written communication skills
Bachelor’s degree
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.