Cyber Defense Forensics Lead

True Zero Technologies
Onsite

About The Position

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that those outcomes begin and end with our people, and that is why we have built a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top-tier services to our customers. Our culture and commitment have been recognized through numerous accolades, including being named one of the Best Places to Work in 2023 in two categories (“Prosperous and Thriving” ($5MM–$50MM in gross revenue) and “Mid-Atlantic Region” (DC, DE, MD, NC, VA, WV)), and again in 2025 as a Best Places to Work honoree. In addition, True Zero earned coveted spots on the Inc. 5000 list of fastest-growing companies in America in 2022, 2023, and 2025, a testament to our sustained growth driven by our people-first approach and unwavering dedication to excellence.

This candidate will lead digital forensics activities in support of our cyber defense mission. Additionally, this role will analyze digital evidence, support incident response and threat hunt activities, and produce findings that inform remediation, reporting, and operational decision-making. This position calls for a senior practitioner who can conduct disciplined forensic analysis in high-consequence environments and translate technical evidence into clear investigative and defensive outcomes.

Requirements

  • 5–7 years of experience in digital forensics, incident response, and threat hunt activities
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Digital Forensics, or related field; or equivalent experience
  • Core competencies in computer forensics, computer network defense, software testing and evaluation, system administration, and threat analysis
  • Experience conducting forensic analysis in support of cybersecurity incidents
  • Experience using MITRE ATT&CK and the Cyber Kill Chain to contextualize attacker behavior, investigative findings, and post-incident analysis
  • Experience preparing technical findings and investigative reporting
  • Ability to work effectively in classified environments within government-controlled secure facilities
  • Strong analytical, documentation, and evidence-handling discipline
  • Ability to support high-priority incident and investigative tasking under time pressure
  • Top Secret/SCI Clearance Required

Nice To Haves

  • GCFA
  • GNFA
  • GCIH
  • EnCE
  • CISSP
  • CASP
  • Comparable certifications

Responsibilities

  • Lead digital forensics activities in support of cyber defense and incident response efforts
  • Analyze digital evidence related to cybersecurity incidents and investigative activity
  • Support incident response and threat hunt activities through forensic analysis and technical findings
  • Conduct forensic review of systems, artifacts, logs, and related evidence sources
  • Use the Cyber Kill Chain and MITRE ATT&CK to help frame investigative findings, support hunt hypotheses, and communicate attacker actions, progression, and control gaps
  • Prepare technical summaries, findings, and reports to support operational and leadership decision-making
  • Support evidence handling, documentation, preservation, and chain-of-custody practices
  • Coordinate with cyber defense, incident response, and government stakeholders as needed
  • Help identify vulnerabilities, attack methods, and technical indicators revealed through forensic analysis
  • Support post-incident review, reporting, and remediation discussions with relevant stakeholders
  • Support continuous improvement of forensic processes, documentation, and operational practices