Cybersecurity Forensics and Malware Lead

Gunnison Consulting Group•Washington, DC

10h•Hybrid

About The Position

This position is contingent upon a future opening with Gunnison. Lead digital forensic and malware analysis operations in support of cybersecurity activities for the federal customer. Provide subject matter expertise for forensic investigations across Windows, Linux, macOS, cloud, and enterprise environments. Perform both static and dynamic malware analysis to identify indicators of compromise, adversary techniques, and root causes. Analyze forensic artifacts, memory images, endpoint data, and SIEM telemetry to detect malicious activity. Coordinate with incident response and triage teams to support investigation, containment, and recovery efforts. Conduct live forensic investigations using enterprise security tools and approved forensic platforms. Collect, preserve, and manage digital evidence in accordance with forensic standards and procedures. Produce detailed forensic and malware analysis reports documenting findings and investigative results. Support real-time investigations involving high-severity security incidents. Analyze advanced threats including ransomware, phishing campaigns, and sophisticated malware. Perform memory analysis and data recovery using approved forensic methodologies. Correlate data from endpoint, network, identity, and cloud sources to support investigations. Communicate findings to leadership and cybersecurity teams, ensuring timely escalation as needed. Review forensic deliverables for accuracy, completeness, and compliance with SLAs. Develop and maintain forensic SOPs, playbooks, and investigative procedures. Support reporting and awareness efforts by contributing forensic insights and threat trends. Participate in technical briefings and operational meetings. Drive improvements in forensic and investigative processes. Support onboarding, training, and knowledge transfer activities.

Requirements

Bachelor’s degree in Computer Science, Information Technology, or related discipline
Minimum of 5 years of incident response experience in a large SOC, including at least 3 years focused on digital forensics
At least 3 years of experience conducting disk, memory, and registry analysis using industry-standard forensic tools such as EnCase, FTK, X-Ways, and Volatility
Strong understanding of file systems and operating system artifacts (e.g., SRUM, Prefetch, Shellbags)
Familiarity with federal evidence handling requirements and chain-of-custody procedures
Certification required: GCFA, GREM, CFCE, or OSED
Ability to obtain and maintain a Public Trust.

Responsibilities

Lead digital forensic and malware analysis operations in support of cybersecurity activities for the federal customer
Provide subject matter expertise for forensic investigations across Windows, Linux, macOS, cloud, and enterprise environments
Perform both static and dynamic malware analysis to identify indicators of compromise, adversary techniques, and root causes
Analyze forensic artifacts, memory images, endpoint data, and SIEM telemetry to detect malicious activity
Coordinate with incident response and triage teams to support investigation, containment, and recovery efforts
Conduct live forensic investigations using enterprise security tools and approved forensic platforms
Collect, preserve, and manage digital evidence in accordance with forensic standards and procedures
Produce detailed forensic and malware analysis reports documenting findings and investigative results
Support real-time investigations involving high-severity security incidents
Analyze advanced threats including ransomware, phishing campaigns, and sophisticated malware
Perform memory analysis and data recovery using approved forensic methodologies
Correlate data from endpoint, network, identity, and cloud sources to support investigations
Communicate findings to leadership and cybersecurity teams, ensuring timely escalation as needed
Review forensic deliverables for accuracy, completeness, and compliance with SLAs
Develop and maintain forensic SOPs, playbooks, and investigative procedures
Support reporting and awareness efforts by contributing forensic insights and threat trends
Participate in technical briefings and operational meetings
Drive improvements in forensic and investigative processes
Support onboarding, training, and knowledge transfer activities