Digital Forensics & Incident Response Analyst (Mid-Level) (R-00091)

Job Responsibilities

• Provide real-time analysis and triage of security events to support the initial response efforts.
• Analyze log files from endpoints, EDR systems, firewalls, and servers to identify, contain, and remediate suspicious activity.
• Analyze malicious scripts and code to mitigate potential threats.
• Engage in Threat Hunting operations to proactively identify and mitigate threats.
• Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
• Create system images or capture network settings from information technology environments to preserve as evidence.
• Forensically duplicate digital evidence to use for data recovery and analysis procedures.
• Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
• Contribute to the analysis of cyber threat intelligence and apply findings to bolster ESOC's defensive and responsive actions.
• Post-incident analysis, assisting in identifying root causes, mining lessons learned, and reinforcing security measures.
• Contribute to training and skill development opportunities for self and other team members.
• Develop or refine policies and requirements for data collection, processing, and reporting.
• Recommend cyber defense software or hardware to support responses to cyber incidents.
• Adhere to legal policies and procedures related to handling digital media.
• Stay current on emerging threats, atack techniques, and vulnerabilities.
• Write and execute scripts to automate tasks, such as parsing large data files.
• Write cyber defense recommendations, reports, or white papers using research or experience.
• Write technical summaries to report findings.

Job Qualifications

• Bachelor's degree (or equivalent experience) in Cybersecurity, Information Technology, or a related field.
• Minimum of 3 years of relevant experience in direct digital forensics or incident response within a federal agency context.
• Active Top-Secret Clearance with SCI Eligibility.
• Must be able to pass a background check and CI Polygraph. May require additional background checks as required by projects and/or clients at any time during employment.
• Skilled in the use of Incident Response tools such as Splunk Enterprise Security, Microsoft Defender for Endpoint, for conducting sophisticated cyber incident monitoring and analysis.
• Well-versed in employing forensic tools and suites such as Magnet Axiom, FTK, Cellebrite Physical Analyzer, Kape, Eric Zimmerman Tools to support investigative processes.
• Adept at conducting open-source research to identify and understand active or potential threats.
• Highly regarded certifications for this position include, but are not limited to:


• GIAC Continuous Monitoring Certification (GMON)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Cloud Threat Detection (GCTD)
• GIAC Cloud Forensics Responder (GCFR)
• GIAC Advanced Smartphone Forensics Certification (GASF)
• GIAC Mobile Device Security Analyst (GMOB)
• Must possess problem-solving skills.
• Exceptional communication skills, both oral and written.
• Must be able to work effectively in a high-stress environment during critical incidents and be adaptable to a dynamic operational speed.
• Ability to respond effectively to customers with a sense of urgency.
• Proficient in Microsoft and Adobe toolsets, including Excel, Word, PowerPoint, Acrobat, etc.
• Highly motivated with the ability to handle and manage multiple tasks at any one time.
• Ability to forge new relationships with both individuals and teams.
• Must be a self-starter, that can work independently and as part of a team.


• Desired Qualifications:
• Relevant cybersecurity certifications such as GIAC.
• Solid foundation in the principles and practices of digital forensics methodologies and incident handling.
• Familiarity with cybersecurity frameworks, standards, and best practices.
• Experience with malware analysis and reverse engineering.
• Scripting, coding, and query language experience (Bash, PowerShell, KQL, SPL, Python, etc)
• Experience conducting Incident Response in AWS Cloud environments.

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:

- Competitive salary, paid twice per month

- Best in class medical coverage

- 100% of medical premiums covered by True Zero

- Company wide new business incentive programs

- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)

- 3 weeks of PTO starting + 11 Paid Holidays Annually

- 401k Program with 100% company match on the first 4%

- Monthly reimbursement of Cell Phone and Home Internet costs

- Paternity/Maternity Leave

- Investment in training and certifications to broaden and deepen your technical skills