Cyber Forensic Specialist

Zolon Tech•Fort Meade, MD

54d•Onsite

About The Position

The Cyber Forensic Specialist provides advanced digital forensics, malware examination, and incident analysis to support DMA's enterprise security operations. This role conducts forensic investigations across on-premise and cloud environments, supports incident response activities, and ensures the integrity, preservation, and chain of custody for digital evidence. The Specialist enables rapid identification of threat activity and contributes to strengthening DMA's defensive cyber posture. This position works closely with the SOC, Cyber Hunt/Purple Team, RMF/ATO staff, and the Incident Response (IR) teams to ensure compliance with DoD cybersecurity and investigative standards.

Requirements

Bachelor's degree in Cybersecurity, Computer Science, or related field; equivalent experience acceptable.
5+ years of digital forensic experience in DoD, federal, or enterprise environments.
Hands-on experience with forensic acquisition and analysis tools (e.g., EnCase, FTK, X-Ways, Cellebrite).
Strong knowledge of: Malware analysis, Memory forensics, Network forensics
Incident response lifecycle
Familiarity with RMF frameworks, ATO processes, POA&M development, and STIG/SRG controls.
Demonstrated experience leading or participating in major incident investigations.
Ability to produce detailed, defensible forensic reporting.
Understanding of NIST 800-61, NIST 800-53, DoD CSSP, and relevant legal considerations.
Active DoD Secret (or higher) required

Nice To Haves

GIAC Certifications: GCFA, GCFE, GREM, GNFA (highly desirable)
EnCE, CFCE, CHFI, or equivalent forensic certifications
Experience with: Palo Alto firewalls, Splunk, Trellix/McAfee/Tanium
SIEM and SOAR technologies
Experience handling insider threat and fraud investigations.
Prior experience supporting DoD SOC or CSSP.

Responsibilities

Conduct end-to-end digital forensic investigations across servers, endpoints, cloud workloads, and mobile devices.
Utilize forensic tools (e.g., EnCase, FTK, Cellebrite, X-Ways, Velociraptor) to acquire, preserve, analyze, and report on digital artifacts.
Support SOC incident response actions by performing root-cause analysis and reconstructing attack timelines.
Analyze malicious binaries, scripts, and malware behavior to support containment and eradication.
Perform volatile memory collections and memory forensics.
Provide expert insight on Indicators of Compromise (IOCs), TTPs, and threat attribution.
Ensure chain-of-custody procedures are properly maintained and documented.
Produce forensic reports suitable for law enforcement, leadership, and ATO/Compliance documentation.
Maintain and contribute forensic intelligence to SOC detection, tuning, and future hunt operations.
Interpret network packet captures (PCAP) to identify anomalous behavior.
Provide technical input into SOC policies, escalation workflows, and knowledge base improvements.
Assist with Purple Team activities and scenario-driven detection validation.
Support RMF Rev 5 and CSSP/CORA audit artifacts as needed.
Participate in incident response on-call rotations.