Defensive Cyber Operations Forensic Analyst Tier III

About The Position

Requirements

• Bachelor’s Degree in relevant discipline and 3 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
• At least 2 years of hands-on experience conducting digital forensic investigations utilizing enterprise forensic suites (e.g., EnCase, FTK, Axiom, etc) to acquire, preserve, and analyze evidence from Windows and/or Linux systems
• At least 1 year of experience performing detailed host-based and/or memory forensics by utilizing frameworks such as Volatility or Rekall to identify running processes, network connections, and injected code
• Must be a U.S. Citizen
• Must have DoD 8570 IAT Level II and CSSP IR compliant certifications
• Secret Clearance, with ability to obtain TS/SCI

Nice To Haves

• Extensive experience with Digital Forensics across multiple operating systems
• Demonstrated expert-level knowledge of Incident Response Procedures
• Expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis
• Experience conducting forensic investigations in cloud environments, including analysis of cloud-native logs and acquisition of virtual machine snapshots
• Proficiency in scripting (e.g., using Python, PowerShell) to automate forensic tasks, such as parsing custom log formats, automating timeline creation, or bulk-analyzing artifacts
• Possession of a recognized digital forensics certification, such as GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), EnCase Certified Examiner (EnCE), or AccessData Certified Examiner (ACE)
• Demonstrated passion for digital forensics through active participation in DFIR-focused challenges on platforms such as CyberDefenders, BlueTeamLabs Online, or the "Sherlocks" category on Hack The Box

Responsibilities

• Examine system, software, security, and user hives for evidence of program execution, USB usage, network connections, and user activity
• Execute forensic imaging of computers and storage media
• Acquire and analyze digital evidence using industry-standard forensic tools and techniques on Windows and Linux systems including prefetch, jump lists, shellbags, and other operating system specific artifacts
• Acquire and analyze memory captures to recover additional artifacts and evidence
• Decode and interpret various file formats and digital communications
• In-depth understanding of digital forensic methodologies, incident response workflows, and forensic tools
• Perform advanced network and host-based digital forensics on Windows and other operating systems to support incident investigations
• Coordinate with reporting agencies and subscriber sites to ensure comprehensive analysis and reporting of significant incidents
• Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and other directives
• Provide 24/7 support for incident response during non-core hours, and mentor junior analysts
• Lead program reviews, product evaluations, and onsite certification evaluations
• Overtime may be required to support incident response actions (Surge).
• Up to 10% travel may be required, may include international travel
• Must maintain a current US passport

Benefits

• Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
• 401k Retirement Plan with Matching Contribution is immediately available and vested.
• Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
• Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
• Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.