DFIR Restoration and Recovery System Administrator
| Company | Booz Allen |
|---|---|
| Location | McLean, VA, USA |
| Salary | $77600 – $176000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |

Requirements
- 3+ years of experience with system administration in mid- to large-sized MS Windows, Azure, or Linux environments
- 1+ years of experience providing onsite remediation and restoration support for companies recovering from a cyber incident, requiring broad and deep expertise across multiple technologies in differing environments
- Experience collecting and preserving digital forensic evidence for investigations using tools such as FTK Imager or Paladin
- Experience installing EDR sensors, including Carbon Black, SentinelOne, or CrowdStrike
- Experience with Active Directory (AD) structure to ensure high availability and data consistency for AD objects, users, groups, and organizational units, so that AD is available for the various authentication services used by users or equipment
- Experience configuring Active Directory Certificate Services (ADCS) and Internet Information Services (IIS)
- Knowledge of the configuration management process to ensure consistent and secure modifications to equipment configurations
- Ability to deploy patches to endpoint servers and clients, ensure latest patches are being downloaded, develop maintenance windows to ensure minimal downtime when applying patches, and ensure patches are tested prior to being deployed to operational servers and clients
- Ability to travel up to 90% of the time
- HS diploma or GED
Responsibilities
- Lead the management of the collection and preservation of forensic evidence
- Guide your team as they provide customers insight into their network through the remediation and recovery process
- Share your expertise through leadership and mentoring as you help the team work through challenges and develop new methodologies
- Identify new opportunities to modernize the network to help your customers meet their needs
Preferred Qualifications
- Experience providing technical recovery support to complex systems
- Experience working independently and collaboratively with clients to troubleshoot and correct operational issues as quickly as practicable
- Experience configuring, implementing, and troubleshooting Dell PowerEdge R940 servers, iDRAC, HP iLO, VMware vSphere, VMware vCenter Server, Hyper-V, ESXi hosts and servers, Windows Server 2012 R2 and later, Active Directory (AD), AD Certificate Services, and various firewalls
- Ability to establish goals and meet project plan objectives
- Ability to interface with customers and members of different departments at differing levels, up to C-Suite
- Possession of excellent verbal and written communication skills
- Bachelor’s degree