NBCUniversal logo

NBCUniversal

huntsvillehuntsvilleal

Digital Forensics & Incident Response Analyst (Mid-Level) (R-00091)

full-timeOn-site

Job Responsibilities

  • Provide real-time analysis and triage of security events to support the initial response efforts.
  • Analyze log files from endpoints, EDR systems, firewalls, and servers to identify, contain, and remediate suspicious activity.
  • Analyze malicious scripts and code to mitigate potential threats.
  • Engage in Threat Hunting operations to proactively identify and mitigate threats.
  • Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
  • Create system images or capture network settings from information technology environments to preserve as evidence.
  • Forensically duplicate digital evidence to use for data recovery and analysis procedures.
  • Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
  • Contribute to the analysis of cyber threat intelligence and apply findings to bolster ESOC's defensive and responsive actions.
  • Post-incident analysis, assisting in identifying root causes, mining lessons learned, and reinforcing security measures.
  • Contribute to training and skill development opportunities for self and other team members.
  • Develop or refine policies and requirements for data collection, processing, and reporting.
  • Recommend cyber defense software or hardware to support responses to cyber incidents.
  • Adhere to legal policies and procedures related to handling digital media.
  • Stay current on emerging threats, atack techniques, and vulnerabilities.
  • Write and execute scripts to automate tasks, such as parsing large data files.
  • Write cyber defense recommendations, reports, or white papers using research or experience.
  • Write technical summaries to report findings.

Job Qualifications

  • Bachelor's degree (or equivalent experience) in Cybersecurity, Information Technology, or a related field.
  • Minimum of 3 years of relevant experience in direct digital forensics or incident response within a federal agency context.
  • Active Top-Secret Clearance with SCI Eligibility.
  • Must be able to pass a background check and CI Polygraph. May require additional background checks as required by projects and/or clients at any time during employment.
  • Skilled in the use of Incident Response tools such as Splunk Enterprise Security, Microsoft Defender for Endpoint, for conducting sophisticated cyber incident monitoring and analysis.
  • Well-versed in employing forensic tools and suites such as Magnet Axiom, FTK, Cellebrite Physical Analyzer, Kape, Eric Zimmerman Tools to support investigative processes.
  • Adept at conducting open-source research to identify and understand active or potential threats.
  • Highly regarded certifications for this position include, but are not limited to:

  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Cloud Threat Detection (GCTD)
  • GIAC Cloud Forensics Responder (GCFR)
  • GIAC Advanced Smartphone Forensics Certification (GASF)
  • GIAC Mobile Device Security Analyst (GMOB)
  • Must possess problem-solving skills.
  • Exceptional communication skills, both oral and written.
  • Must be able to work effectively in a high-stress environment during critical incidents and be adaptable to a dynamic operational speed.
  • Ability to respond effectively to customers with a sense of urgency.
  • Proficient in Microsoft and Adobe toolsets, including Excel, Word, PowerPoint, Acrobat, etc.
  • Highly motivated with the ability to handle and manage multiple tasks at any one time.
  • Ability to forge new relationships with both individuals and teams.
  • Must be a self-starter, that can work independently and as part of a team.

  • Desired Qualifications:
  • Relevant cybersecurity certifications such as GIAC.
  • Solid foundation in the principles and practices of digital forensics methodologies and incident handling.
  • Familiarity with cybersecurity frameworks, standards, and best practices.
  • Experience with malware analysis and reverse engineering.
  • Scripting, coding, and query language experience (Bash, PowerShell, KQL, SPL, Python, etc)
  • Experience conducting Incident Response in AWS Cloud environments.

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:


- Competitive salary, paid twice per month

- Best in class medical coverage

- 100% of medical premiums covered by True Zero

- Company wide new business incentive programs

- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)

- 3 weeks of PTO starting + 11 Paid Holidays Annually

- 401k Program with 100% company match on the first 4%

- Monthly reimbursement of Cell Phone and Home Internet costs

- Paternity/Maternity Leave

- Investment in training and certifications to broaden and deepen your technical skills