Sr. Forensic Malware Analyst

STS Systems SupportSan Antonio, TX
Onsite

About The Position

STS Systems Support, LLC (SSS) is a government consulting and contracting firm supporting federal agencies and military installations across the U.S. We are seeking a Sr. Forensic Malware Analyst to support our mission at Lackland AFB in San Antonio, TX.

Requirements

  • DoDD 8570.01‐M/8140.01 I AT Level III CND
  • Active TS/SCI
  • More than five (5) years of experience as a Forensic Malware Technician.
  • Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based computers and servers.
  • Strong skill in and a strong understanding of: the use of a variety of forensic tools (Access Data, FTK, Guidance EnCase; including mobility (Axiom/BlackBag , Mobilyze/Cellebrite/Paraben and in, FTK, X‐Ways Forensics, FireEye, Volatility, Sleuthkit, BlackBag tools) and various Open Source forensic tools.
  • Experience writing intelligence and technical articles for production and dissemination.
  • Very proficient w/ malware analysis, sandboxing, and software reverse engineering.
  • Proficient Experience with scripting languages such as Python and PowerShell.
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
  • Required: SANS GCFA (or equivalent).

Nice To Haves

  • Shell Scripting is a plus.
  • Desired: GREM, GCTI and/or ACE

Responsibilities

  • Document all findings in the investigation/incident log.
  • Track evidence inventory for intake and releasing to the forensics laboratory, ensuring proper handling and maintenance of evidence and chain of custody records with no more than 5% error rate.
  • Utilize forensic tools such as EnCase, FTK, FireEye, etc., and other systems as required.
  • Conduct analysis of metadata and forensic examinations of digital media from a variety of sources, including preservation, acquisition, and analysis of digital evidence with the goal of developing forensically sound evidence.
  • Confirm malicious activity when new information is identified through forensic analysis.
  • Investigate network and computer intrusions to identify root cause and generate indicators of compromise, documenting all findings in the investigation/incident log for each file.
  • Perform memory forensics and malware reverse engineering of suspected malicious files to verify if system compromise occurred, documenting all findings and Indicators of Compromise (IOCs) in the investigation/incident log for each file.
  • Perform Hard Drive Analysis of suspected/confirmed infected or exploited systems and document all findings in the investigation/incident log for each hard drive with no more than a 5% error rate.
  • Develop methods to identify, contain, log, and analyze malware-based activities on AF AIS and networks.
  • Provide support to AF network administrators on the installation and analysis of packet sniffers on their network topology by reporting the functionality status upon request.
  • Generate forensic reports and synopses presenting complex technical processes and findings clearly and concisely to technical and non-technical audiences.
  • Collaborate with leadership and external agencies, including Counter-Intelligence activities/agencies, OSI, FBI, and other security agencies, to include Incident Responders, as well as other forensic analysts.
  • Provide AF OSI DCO technical support to law enforcement and counter-intelligence activities.
  • Turn any investigation over to AF OSI if it is determined during the course of an investigation a law was broken.
  • Support and/or augment Incident Response deployment with same day notice, which may include retrieving hard drives or miscellaneous storage media, isolating systems for additional investigation, and performing other on-site Incident Response actions.
  • Set up a monitor or “cage” at the on-site location as needed.
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter.
  • Provide requested forensic information to operational flight commander as it relates to the Host Detection processes and procedures.

Benefits

  • paid holidays
  • paid time off including sick and vacation leave
  • medical, dental and vision insurance
  • flexible spending accounts
  • short and long term disability
  • company paid life insurance
  • 401(k) with a company match
  • discretionary profit sharing
  • tuition reimbursement
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service