Forensic and Incident Response Engineer

About The Position

Requirements

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science, engineering, cybersecurity, information technology, digital forensics, homeland security, or related field
• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
• Experience in cybersecurity, incident response, or digital forensics
• Strong analytical and problem-solving skills
• Ability to explain complex findings to non-technical stakeholders
• High integrity and discretion, with strict adherence to evidence handling and chain of custody requirements.
• Proficiency with industry-standard forensic and Incident Response tools
• Proficiency of TCP/UDP packet capture and analysis
• Strong experience in incident response methodologies and lifecycle management
• Hands-on digital forensics experience across a variety of industry-standard operating systems
• Ability to work effectively during high-stress incidents
• Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, ISO 27001 and regulatory compliance requirements
• Familiarity with MITRE ATT&CK framework

Nice To Haves

• Hold technical and/or cybersecurity certification such as GIAC GSEC, GIAC GCIH, CISA SSCP, CompTIA Security+
• A master’s degree in computer science, engineering, cybersecurity, information technology, or related field
• Demonstrated experience leading or owning incident investigations
• Hands-on experience reverse-engineering malware

Responsibilities

• Lead technical response to security incidents, including containment, eradication, and recovery
• Perform digital forensic analysis on endpoints, servers, applications, network traffic, and cloud environments using forensically sound procedures to identify network / computer intrusion evidence and identifies perpetrators
• Examine any electronic device that may hold evidence that could be used in a court of law and Gather, handle and store evidence.
• Perform a variety of forensic and electronic discovery services, including digital evidence preservation, forensic analysis, data recovery, tape recovery, electronic mail extraction, and database examination
• Collect, preserve, and analyze evidence in accordance with forensic best practices and legal requirements observing proper evidence custody and control procedures, document procedure and findings in a manner suitable for courtroom presentation and prepare comprehensive written notes and reports.
• Investigate malware, intrusions, unauthorized access, and data infiltration and exfiltration events
• Analyze logs, memory, disk images, and network captures to determine attack scope and impact
• Develop timelines, root-cause analysis, and incident reports for both technical and executive audiences
• Support threat hunting and detection engineering efforts using forensic findings
• Collaborate with the CSOC, engineering, legal, and compliance teams during incidents
• Participate in on-call or surge incident response rotations
• Assist with development and maintenance of incident response playbooks and procedures
• Support security tooling evaluations and forensic lab improvements
• Participate in tabletop exercises and readiness testing
• Contribute to security awareness or training efforts using incident lessons learned
• Maintain forensic documentation, case notes, and evidence records