AOUSC - Forensic and Malware Lead

About The Position

Requirements

• Active Public Trust clearance
• B.S. Computer Science, Information Technology, or a related field
• Five (5) years within IR in a large SOC (over 5,000 endpoints) with at least 3 years focused on digital forensics for Operating System or file systems.
• Three (3) years of demonstrated expertise in disk, memory and registry analysis using industry standard tools such as EnCase, FTK, X-Ways, Volatility.
• Demonstrated understanding of file systems and Operating System artifacts including but not limited to (SRUM, Shellbags and Prefetch).
• Familiarity with federal evidence guidelines and chain of custody requirements.
• Active GCFA, GREM, CFCE, or OSED certification

Nice To Haves

• This role aligns with NICE work role PD-WRL-002 (Digital Forensics).

Responsibilities

• Lead digital forensics and malware analysis activities in support of AOUSC Security Operations Division (SOD) operations.
• Provide advanced subject matter expertise for forensic investigations involving Windows, Linux, macOS, cloud, and enterprise environments.
• Perform static and dynamic malware analysis to identify indicators of compromise (IOCs), attacker tactics, techniques, and procedures (TTPs), and root cause.
• Analyze forensic artifacts, memory images, endpoint telemetry, SIEM data, and filesystem timelines to identify malicious activity and intrusion vectors.
• Coordinate with Cybersecurity Triage and Incident Response teams to support investigation, escalation, containment, remediation, and recovery activities.
• Conduct live forensic analysis utilizing Splunk Enterprise Security, Microsoft Sentinel, EDR tools, and AO-provided investigative tooling.
• Collect, preserve, duplicate, and maintain digital evidence in accordance with forensic evidence handling and chain-of-custody procedures.
• Develop forensic reports, malware analysis reports, incident artifacts, and technical documentation in accordance with Judiciary SOC Forensics SOPs and JSOCIRP requirements.
• Provide real-time investigative support for Priority 1 and Priority 2 cybersecurity incidents.
• Support analysis of advanced persistent threats (APT), ransomware, phishing campaigns, malicious scripts, and suspicious binaries.
• Perform memory analysis using approved forensic tools such as Volatility and other Judiciary-approved forensic platforms.
• Extract deleted or hidden data using forensic data carving and recovery techniques.
• Conduct analysis of endpoint, network, identity, and cloud telemetry to support incident investigations and threat hunting operations.
• Coordinate escalation and communication of investigative findings to AO leadership, incident responders, SOC management, and federal staff.
• Review and validate forensic and malware analysis deliverables to ensure technical accuracy, completeness, and compliance with SLA requirements.
• Develop and maintain forensic analysis procedures, malware analysis SOPs, investigative work instructions, and operational playbooks.
• Support enterprise security awareness reporting by contributing forensic findings, threat trends, and investigative recommendations.
• Participate in weekly technical meetings, operational briefings, and cybersecurity reporting activities.
• Support continuous process improvement initiatives related to digital forensics, malware analysis, investigative workflows, and incident response operations.
• Assist in transition-in and transition-out activities including knowledge transfer, operational readiness, training, and documentation support.