Incident Response and Forensic Analyst

The Aerospace Corporation · Colorado Springs, CO
2d · Onsite

About The Position

The Aerospace Corporation is the trusted partner to the nation’s space programs, solving the hardest problems and providing unmatched technical expertise. As the operator of a federally funded research and development center (FFRDC), we are broadly engaged across all aspects of space, delivering innovative solutions that span satellite, launch, ground, and cyber systems for defense, civil and commercial customers. When you join our team, you’ll be part of a special collection of problem solvers, thought leaders, and innovators. Join us and take your place in space.

The Aerospace Corporation is seeking an experienced cybersecurity professional to serve as an Incident Response and Forensic Analyst (Information Security Staff IV). In this critical role, you will be responsible for investigating security incidents, conducting digital forensic examinations, and leading response efforts to protect our organization's critical assets. You will analyze complex security events, preserve and examine digital evidence, develop incident response procedures, and provide expert recommendations to contain and remediate cyber threats.

You will join a team of dedicated cybersecurity professionals who are chartered with securing Aerospace's classified and unclassified enterprise IT environments and viewed as leaders within the aerospace community. The selected candidate will be required to work full-time on-site at our facility in Colorado Springs, CO.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Systems or equivalent field of study, or equivalent experience
  • 5-7 years of relevant experience in incident response, digital forensics, or cybersecurity investigations
  • Hands-on experience conducting forensic investigations on Windows, Linux, and/or macOS systems
  • Proficiency with forensic tools such as EnCase, FTK, X-Ways, Autopsy, or similar platforms
  • Strong understanding of file systems, operating system artifacts, and forensic analysis techniques
  • Experience with memory forensics and volatile data analysis
  • Knowledge of network forensics and packet analysis using tools like Wireshark, tcpdump, or NetworkMiner
  • Understanding of malware analysis fundamentals and attacker methodologies
  • Experience with incident response frameworks (NIST SP 800-61, SANS Incident Response, etc.)
  • Ability to work under pressure during active security incidents and manage multiple concurrent investigations
  • Excellent analytical and critical thinking skills with strong attention to detail
  • Strong written and verbal communication skills, including the ability to document technical findings clearly
  • Experience with evidence collection, preservation, and chain of custody procedures
  • Understanding of legal and regulatory requirements related to digital evidence and incident reporting
  • This position requires the ability to obtain and maintain a US Secret security clearance, which is issued by the US government.
  • U.S. citizenship is required to obtain a security clearance.

Nice To Haves

  • Relevant certifications such as GCFA, GCFE, GREM, GNFA, CISSP, or equivalent
  • Experience with cloud forensics (AWS, Azure, GCP) and cloud-native incident response
  • Hands-on malware analysis and reverse engineering experience
  • Experience investigating advanced persistent threats (APTs) or nation-state actors
  • Proficiency with scripting languages (Python, PowerShell, Bash) for forensic automation
  • Experience with SIEM platforms and log analysis for incident investigation
  • Knowledge of threat intelligence platforms and integration of IOCs into defensive operations
  • Experience conducting forensic investigations in classified environments
  • Background with endpoint detection and response (EDR) tools such as CrowdStrike, Carbon Black, or SentinelOne
  • Experience developing custom forensic tools or automation scripts
  • Track record of presenting forensic findings to executive leadership or in legal proceedings
  • Experience with mobile device forensics (iOS, Android)
  • Familiarity with the MITRE ATT&CK framework and mapping incident findings to adversary techniques
  • Current and active Secret clearance

Responsibilities

  • Leading incident response activities from initial detection through containment, eradication, recovery, and post-incident analysis
  • Conducting digital forensic investigations on compromised systems, networks, and endpoints to determine root cause, scope, and impact of security incidents
  • Performing forensic analysis of disk images, memory dumps, network traffic, and log data using industry-standard tools and methodologies
  • Preserving digital evidence following proper chain of custody procedures to ensure forensic integrity and support potential legal proceedings
  • Analyzing malware samples and attacker techniques to understand threat actor behavior and develop defensive countermeasures
  • Developing and maintaining incident response playbooks, procedures, and forensic investigation workflows
  • Coordinating with SOC, IT operations, legal, and business stakeholders during active incident response operations
  • Documenting incident timelines, findings, and remediation activities in comprehensive technical reports
  • Providing expert testimony and briefings on forensic findings to technical teams, management, and potentially legal counsel
  • Contributing to threat intelligence by identifying indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) from investigations
  • Conducting post-incident reviews and lessons learned sessions to drive continuous improvement
  • Remaining informed on the latest incident response methodologies, forensic techniques, threat actor trends, and emerging attack vectors
  • Mentoring junior analysts and sharing forensic expertise across the cybersecurity team
  • Where necessary, providing after-hours support during critical security incidents requiring immediate investigation

Benefits

  • Comprehensive health care and wellness plans
  • Paid holidays, sick time, and vacation
  • Standard and alternate work schedules, including telework options
  • 401(k) Plan — Employees receive a total company-paid benefit of 8%, 10%, or 12% of eligible compensation based on years of service and matching contributions; employees are immediately eligible and vested in the plan upon hire
  • Flexible spending accounts
  • Variable pay program for exceptional contributions
  • Relocation assistance
  • Professional growth and development programs to help advance your career
  • Education assistance programs
  • An inclusive work environment built on teamwork, flexibility, and respect