Cyber Defense Forensics Lead - Clearance Required

Cydecor, Inc.
Arlington, VA
Hybrid

About The Position

We are seeking an experienced Cyber Defense Forensics Lead to lead enterprise digital forensics and investigative operations within a 24/7 SOC environment, providing technical expertise, operational oversight, and strategic direction across cyber defense, incident response, and insider threat investigations.

Requirements

  • Bachelor’s degree
  • Minimum of 7 years of experience in cybersecurity, digital forensics, or incident response
  • Minimum of 5 years of hands-on experience conducting host-based and network-based security monitoring and forensic analysis
  • Strong experience identifying and analyzing anomalous activity, insider threats, and advanced cyber threat behaviors
  • Hands-on experience with forensic tools, SIEM platforms, EDR solutions, IDS/IPS, and security operations workflows
  • Experience supporting incident response efforts, including threat containment, eradication, and recovery
  • Strong understanding of evidence handling, chain-of-custody procedures, and forensic investigation best practices
  • Experience developing forensic reports, dashboards, and workflow documentation
  • Ability to analyze large data sets and correlate findings across multiple sources
  • Strong understanding of cybersecurity principles, threats, and attack methodologies
  • Experience handling sensitive or classified information in accordance with federal security standards
  • Active TS/SCI (or TS with SCI eligibility)

Nice To Haves

  • GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Certified Incident Handler (GCIH), or an equivalent certification
  • Experience supporting insider threat programs or user activity monitoring (UAM) initiatives
  • Experience working in a 24/7 SOC or federal cybersecurity operations environment
  • Familiarity with threat intelligence integration and adversary TTP analysis
  • Experience building or enhancing forensic capabilities within enterprise environments
  • Experience mentoring analysts in cyber forensics and investigative techniques

Responsibilities

  • Lead digital forensics investigations across enterprise environments, ensuring accurate analysis and timely incident containment
  • Conduct host-based and network-based forensic analysis to identify malicious activity, root cause, and scope of compromise
  • Perform malware triage and analysis to support incident response and threat mitigation efforts
  • Lead insider threat investigations, including detection, analysis, and escalation of suspicious or malicious user activity
  • Ensure strict adherence to evidence handling procedures, including chain-of-custody requirements and forensic integrity standards
  • Collect, preserve, analyze, and document digital evidence in support of investigative and legal processes
  • Develop and maintain forensic workflows, investigative methodologies, and standard operating procedures
  • Create dashboards, reports, and visualizations to support forensic investigations and SOC visibility
  • Analyze anomalous system and user behavior to identify potential insider threats or advanced adversary activity
  • Utilize forensic tools, SIEM platforms, endpoint detection and response (EDR), and intrusion detection systems (IDS) to support investigations
  • Support incident response teams by providing forensic expertise during active security incidents
  • Correlate forensic findings with threat intelligence to enhance detection and response capabilities
  • Provide mentorship and technical guidance to junior analysts and investigators
  • Coordinate with cross-functional teams including threat intelligence, incident response, and SOC operations
  • Ensure compliance with federal cybersecurity standards, policies, and investigative requirements
  • Support reporting and escalation of security incidents to appropriate stakeholders and leadership

Benefits

  • Health and Dental Insurance
  • Vision and Life Insurance
  • Short-Term & Long-Term Disability
  • 401(k) + company match
  • Paid Time Off (PTO)
  • Paid Company Holidays
  • Tuition and Professional Development Assistance