Forensics Analyst Level 2 with Security Clearance

IntelliGenesis LLC - San Antonio, TX


Job Description

Job Duties

* Serves as a Cyber Forensics Analyst responsible for conducting detailed digital forensics and host-based analysis, including imaging, digital media processing, memory capture, and data log analysis. Locates and identifies digital evidence.
* Extracts and carves files from collected evidence.
* Analyzes intrusion techniques and tradecraft. Assists in root cause and attribution analysis.
* Identifies, collects, and analyzes relevant host-based artifacts.
* Maintains cyber hygiene of forensic media and analysis environment.
* Supports chain of custody throughout incident lifecycle.
* Configures and utilizes virtualized and/or forensics computer system environments.

Required Skills:

* US Citizens Only
* Active TS/SCI Clearance and Polygraph required
* Minimum of Two (2) years of demonstrated experience as a Cyber Forensics Analyst in programs of similar scope, type and complexity is required.
* Two (2) years of demonstrated experience using at least two forensic tool suites similar to EnCase, Sleuthkit, FTK, X-WAYS, REKALL, or Axiom.
* Three (3) years of demonstrated experience working on Windows and Linux operating systems as a Systems administrator or in Software Development and Information Technology Systems (DevOps).
* Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS or CentOS/Red Hat OS CE certifications.
* Requires Global Information Assurance Certification Forensic Analyst (GCFA) or Global Information Assurance Certification Forensic Examiner (GCFE).
* Create and maintain chain-of-custody documentation throughout incident response.
* Perform forensically sound evidence collection and analysis.
* Provide technical summary of findings in accordance with established reporting procedures.
* Knowledge of host communications to include common ports, default services of common operating systems.
* Collect and review artifacts (such as media, live system memory, images, equipment, network traffic, logs, or software).
* Conduct initial analysis of log files, evidence, and other information.
* Perform file system forensic analysis to include recovery of hidden and deleted content such as pagefiles, volume shadow copies, or unallocated space.
* Utilize appropriate tools to decrypt seized data from sources such as full disk encryption and collected malware.
* Carve data using manual and techniques for tools such as Forensic Tool Kit (FTK), EnCase, and other open-source tools and scripts.
* Generate, research, and identify content based on file hashes.
* Search and analyze Windows registry-related content.
* Perform forensic incident handling tasks (such as forensic collections, host analysis, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of flyaway Incident Response Teams (IRTs).
* Perform file signature and timeline forensics analysis.
* Recognize obfuscation and encryption detection techniques and understand applicable decoding methods to advance evidence processing during analysis.
* Possess knowledge of data carving tools and techniques to include restoring deleted artifacts from unallocated disk storage and from system memory (RAM).
* Detect anti-forensics techniques and tactics.

Created: 2025-10-04
