2,713 Digital Forensics Analyst jobs in the United States

Requisition ID: 285771

• Relocation Authorized: None

• Telework Type: Full-Time Telework

• Work Location: Glendale, AZ

• Salary Range: $109,190 - $166,510 annually (Determined by function, education, experience, and qualifications of the applicant.)

Extraordinary teams building inspiring projects:

Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place.

Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations.

Core to Bechtel is our Vision, Values and Commitments . They are what we believe, what customers can expect, and how we deliver. Learn more about our extraordinary teams building inspiring projects in our Impact Report .

Project Overview:

Bechtel is looking for people who want to change the landscape of traditional incident response and digital forensics. We are an agile and dynamic team doing fantastic work in information security. Our goal is to change the industry to improve security for both our company and the world.

Job Summary:

As the DFIR Analyst, you will be working with a group of highly productive employees to implement critical functions of our incident response. You will be working with standard forensics tools and some groundbreaking new technology as well. Your peers will be respected people from the information security industry. Due to the nature of incident response, we are looking for someone who is not only technically proficient, but can effectively communicate with managers and individual contributors to assist with fostering a secure-by-design culture.

When not actively participating in an incident, you will be working on improving the incident response processes, assisting Sr Analyst with DFIR modernization efforts, and fostering communication between security groups as well as being a point of contact for escalation on a multitude of issues.

Major Responsibilities:

• Seek out inefficiencies in existing processes and develop automated solutions in a global enterprise environment.

• Assist efforts to modernize our digital forensics tooling and collection processes.

• Assist with the Incident Response staff efforts across the enterprise, this includes determining the response level of an incident, investigation of small to large scale incidents, establish appropriate actions to remediate threats.

• Assist with engineering commercial or open source tools to identify, respond or remediate threats and other duties as assigned.

Education and Experience Requirements:

• Bachelor's Degree in Information Technology, Computer Science, or a related field or 12 years of relevant experience in lieu of a degree.

Required Knowledge and Skills:

• 5 or more years of general information technology experience with 3 years of experience in digital forensics and incident response (DFIR).

• Solid expereience applying multiple facets of DFIR to on-prem and cloud environments.

• Must be a United States citizen.

Preferred Qualifications

• In-depth experience with all facets of digital forensics and incident response.

• Demonstrated threat hunting experience with Python, SIEM and EDR solutions.

• Technical acuity in the field of Information Technology Operations and Security Operations.

• Knowledge, understanding, and ability to apply technical security standards and tools.

• Excellent conceptualization, analytical and logic skills.

• Ability to successfully facilitate collaboration across multiple functions, departments and levels.

• Familiarity with SOAR (Security Orchestration, Automation and Response) software with an emphasis on building complex playbooks for automating routine incidents.

• Familiarity with Incident Response in cloud/hybrid environments (AWS, Azure, etc).

Total Rewards/Benefits:

For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards

Diverse teams build the extraordinary:

As a global company, Bechtel has long been home to a vibrant multitude of nationalities, cultures, ethnicities, and life experiences. This diversity has made us a more trusted partner, more effective problem solvers and innovators, and a more attractive destination for leading talent.

We are committed to being a company where every colleague feels that they belong-where colleagues feel part of "One Team," respected and rewarded for what they bring, supported in pursuing their goals, invested in our values and purpose, and treated equitably. Click here to learn more about the people who power our legacy.

Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $153,000.00 and $196,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

This role is part of a dynamic team within the SMBC Security Operations Center (SOC) specializing in conducting complex forensic investigations, responding to security incidents, supporting insider risk and other internal investigative matters. The ideal candidate will possess deep technical expertise in digital forensics and the ability to communicate findings effectively to both technical and non-technical stakeholders. This role will be responsible for conducting all parts of the digital forensic process, including but not limited to, preserving relevant data, maintaining Chain of Custody, analyzing digital evidence, conducting forensic examinations, and writing forensic reports. The role requires creativity, critical thinking, strong communication skills, and the ability to work effectively across a large global organization.

Role Objectives

• Coordinate with investigative pillars of the organization (SOC, Insider Risk, HR, Legal, etc.) to improve workflows and support their investigations when necessary.

• Work closely with the Insider Risk Governance team to develop and manage rules and workflows, as well as performing triage for alerts.

• Ensure the confidentiality, integrity, and chain of custody of digital evidence throughout the investigative process.

• Prepare reports on findings and present briefings to colleagues and leadership; serve as a digital forensics subject matter expert.

• Mentor and train junior analysis in forensic procedures and contribute to the evaluation and improvement of existing SOC processes.

• Effectively communicate complex technical concepts and findings to non-technical stakeholders in a clear and concise manner.

• Ensure compliance with legal and regulatory requirements related to digital evidence collection, preservation, and analysis.

• Stay current with the latest developments in digital forensics technology, tools, and methodologies, and provide training and mentorship to team members.

• Provide SME-level support for insider risk matters leveraging deep knowledge of insider risk, cyber security, and counterintelligence.

Qualifications and Skills

• Bachelor's degree and a minimum of 7 years of relevant experience.

• Industry certifications such as GCFE, GCFA, EnCE, MCFE, GCNA, or other related cybersecurity certifications are highly desirable.

• Proficiency in using forensic tools and techniques, such as AXIOM Cyber, EnCase Enterprise, FTK Enterprise, X-Ways Forensics and common open-source forensics software.

• Ability to leverage multiple data sets and tools to support complex analysis.

• Detail-oriented with a strong commitment to accuracy and quality in all aspects of work.

• Very strong oral and written communication skills, with focus on attention to detail; experience communicating with senior levels.

• Demonstrated expertise responding to cyber incidents and digital forensic investigations at an enterprise level.

• High ethical standards and a commitment to upholding professional integrity and confidentiality.

• Proven ability to strategize and demonstrate 'out of the box' thinking and creativity in order, to solve complex problems and deliver practical and effective results.

Additional Requirements

SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
The anticipated salary range for this role is between $153,000.00 and $196,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.
**Role Description**
This role is part of a dynamic team within the SMBC Security Operations Center (SOC) specializing in conducting complex forensic investigations, responding to security incidents, supporting insider risk and other internal investigative matters. The ideal candidate will possess deep technical expertise in digital forensics and the ability to communicate findings effectively to both technical and non-technical stakeholders. This role will be responsible for conducting all parts of the digital forensic process, including but not limited to, preserving relevant data, maintaining Chain of Custody, analyzing digital evidence, conducting forensic examinations, and writing forensic reports. The role requires creativity, critical thinking, strong communication skills, and the ability to work effectively across a large global organization.
**Role Objectives**
+ Coordinate with investigative pillars of the organization (SOC, Insider Risk, HR, Legal, etc.) to improve workflows and support their investigations when necessary.
+ Work closely with the Insider Risk Governance team to develop and manage rules and workflows, as well as performing triage for alerts.
+ Ensure the confidentiality, integrity, and chain of custody of digital evidence throughout the investigative process.
+ Prepare reports on findings and present briefings to colleagues and leadership; serve as a digital forensics subject matter expert.
+ Mentor and train junior analysis in forensic procedures and contribute to the evaluation and improvement of existing SOC processes.
+ Effectively communicate complex technical concepts and findings to non-technical stakeholders in a clear and concise manner.
+ Ensure compliance with legal and regulatory requirements related to digital evidence collection, preservation, and analysis.
+ Stay current with the latest developments in digital forensics technology, tools, and methodologies, and provide training and mentorship to team members.
+ Provide SME-level support for insider risk matters leveraging deep knowledge of insider risk, cyber security, and counterintelligence.
**Qualifications and Skills**
+ Bachelor's degree and a minimum of 7 years of relevant experience.
+ Industry certifications such as GCFE, GCFA, EnCE, MCFE, GCNA, or other related cybersecurity certifications are highly desirable.
+ Proficiency in using forensic tools and techniques, such as AXIOM Cyber, EnCase Enterprise, FTK Enterprise, X-Ways Forensics and common open-source forensics software.
+ Ability to leverage multiple data sets and tools to support complex analysis.
+ Detail-oriented with a strong commitment to accuracy and quality in all aspects of work.
+ Very strong oral and written communication skills, with focus on attention to detail; experience communicating with senior levels.
+ Demonstrated expertise responding to cyber incidents and digital forensic investigations at an enterprise level.
+ High ethical standards and a commitment to upholding professional integrity and confidentiality.
+ Proven ability to strategize and demonstrate 'out of the box' thinking and creativity in order, to solve complex problems and deliver practical and effective results.
**Additional Requirements**
SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at

Job Description

Position Title:

Cybersecurity Analyst IV (Senior Digital Forensics Analyst)

Class/Group:

0322 / B29

Military Occupation Specialty Code:

Army 17C, 25B, 25D, 170A; Coast Guard CYB10, CYB11, CYB12, CYB13; Air Force 1D7X1; Space Force 5C0X1D

Fair Labor Standards Act Status:

Exempt

Number of Vacancies:

1

Division/Section:

Office of the Chief Information Security Officer - Security Operations / CIRT

Salary Range:

$8750.00 - $9166.67 / monthly

Duration:

Regular

Hours Worked Weekly:

40

Travel:

Occasional

Work Location:

300 W. 15th Street, #1300 / Austin, Texas 78701

Web site:



Refer Inquiries to:

People and Culture Office

Telephone:

( or (

How To Apply:

• Select the link below to search for this position:
• Enter the job posting number "00050395" in the keyword search.

• You must create a CAPPS Career Section candidate profile or be logged in to apply.

• Update your profile and apply for the job by navigating through the pages and steps.

• Once ready, select "Submit" on the "Review and Submit" page.

• If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

Special Instructions:

• Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.

• Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Interview Place/Time:

Candidates will be notified for appointments as determined by the selection committee.

Selective Service Registration:

Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.

H-1B Visa Sponsorship:

We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Equal Opportunity Employer

The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call to request reasonable accommodation.

What We Do

We are a technology agency powered by people.

DIR offers secure, modern, and cost-effective technology to help government entities in Texas serve their constituents.

DIR is a fast-paced and collaborative environment with highly motivated, innovative, and engaged employees dedicated to achieving the best value for the state. We have over 250 professionals working at DIR who are honored to serve as the cornerstone of public sector technology in Texas. By joining DIR, you will be an integral part of transforming how technology serves Texans.

Position Summary

A role within the Office of the State Chief Information Security Officer (OCISO) that combines progressive incident response program development, works with many diverse organizations, plans for, and responds to Cyber events, and reviews and communicates threats and vulnerabilities to a wide range of stakeholders.

This role performs advanced (senior-level) cyber security analysis functions that include planning, implementing, and monitoring CIRT program elements and services that support government organizations throughout the state of Texas in the protection of information resources and government and citizen protected data. Will assist in the State's efforts to develop, expand, and deliver cybersecurity incident response services, standards, analysis, and guidance. Will guide or assist the Security Operations/CIRT members with the tools and resources required for interactions with state agencies, institutions of higher education, local governmental officials, and other interagency personnel to engage and deliver incident response services, preparedness information, and program delivery of the Cybersecurity Incident Response Team. Will work with the rest of the OCISO team to collaboratively identify and deliver statewide security program improvements and continuously improve the security posture of the State of Texas as a whole. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment. May, at times, assign and/or oversee the work of others.

• Serves as a Senior CIRT Forensics Analyst for the department, providing support, guidance and training to other team members. Forensically analyzes end user systems and servers found to have possible indicators of compromise. Conducts Analysis of artifacts collected during a security incident/forensic analysis and determines how systems were compromised. Provides analysis and findings in investigative matters and develops fact-based reports for DIR and its customers.
• Provides threat intelligence and CIRT program management to support the overall security posture of the state of Texas, including its agencies, institutions of higher education, cities, counties, school districts, special districts, and other qualified governmental entities. Develops, maintains, or supports a threat intelligence capability to identify current and emerging security risks to the state of Texas.
• Develops content for cybersecurity incident response exercises with state agencies and higher education institutions, Regional Security Operations Centers, local jurisdictions, and other eligible customers.
• Coordinates with internal staff to establish and maintain situational awareness of current and emerging risks and threats to the state.
• Uses open source and commercial intelligence providers to gain insight into adversary tactics, techniques, and procedures, as well as planned activities and emerging motivations.
• Identifies security incidents through 'Hunting' operations within a SIEM and other relevant tools. Interfaces and connects with system owners and custodians, and IT contacts to pursue security incident response activities, including obtaining access to systems, digital artifact collection, and containment and/or remediation activities. Provide consultation and assessment on perceived security threats affecting the State of Texas.
• Advises the Department leadership and state cybersecurity community of significant emerging threats and provide both strategic and tactical steps to counteract these threats. Researches, identifies, evaluates, and recommends systems and procedures in the field of Cybersecurity.
• Performs other work-related duties as assigned.

Qualifications:

Education

• Graduation from a four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems or related field.
• Additional work-related experience may be substituted for education on a year-for-year basis (High-school diploma required.

Experience and Training Required

• Five (5) years of progressively responsible experience in the IT industry.
• Five (5) years of progressively responsible experience in cyber security or IT project management work.
• Two (2) years of experience in responding to cyber security incidents.

Experience and Training Preferred

• Experience and training in analyzing, recommending, developing, and implementing cogent enterprise-wide policies, standards, and guidelines.
• Experience working with state or federal IT regulatory issues and processes.
• Experience in researching and documenting findings on information technology issues, processes, or programs.
• Have or work towards obtaining Certified Ethical Hacker (CEH) GAIC Certified Incident Handler (GCIH), GCFE Certified Forensic Examiner (GAIC ), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), and/or CyberSec First Responder (CFR) or similar certification, or serve as a SME on a certification creation committee or equivalent

Knowledge, Skills, and Abilities

• Knowledge of applied "sound security" concepts, such as the principal of least privilege, the use of multi-factor authentication and identity and access management.
• Broad understanding of the cybersecurity landscape including identity management, access management, access governance, and privileged access management capabilities and methodologies
• Knowledge of generally accepted information technology standards and practices; of information technology practices; and of information technology management practices.
• Knowledge of the security limitations and capabilities of computer systems and of information security practices, procedures, and regulations
• Knowledge of security architecture and security program requirements
• Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code § 202, and other related security codes, documentation, standards, and best practices
• Knowledge of ITIL processes and standards
• Knowledge of standard concepts, practices, and procedures for computer operations and data center operations
• Knowledge of benchmarking activities and expectations
• Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
• Ability to promote and support the overall mission, goals, and efforts Office of the CISO and Statewide Security Program.
• Ability to learn and adapt quickly in a dynamic environment.
• Ability to manage projects to resolve complex issues in diverse and decentralized environments.
• Ability to assist executives, through discussion and facilitation, in the process of evaluating and implementing security architecture and policies.
• Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers.
• Ability to understand, follow and convey brief oral and/or written instructions.
• Ability to communicate both verbally and in writing, in a clear and concise manner.
• Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment.
• Ability to work under pressure and exacting schedules to complete assigned tasks.
• Ability to work occasional overtime and/or a flexible schedule to meet required deadlines.
• Ability to travel as necessary.
• Ability to comply with all agency policy and applicable laws.
• Ability to comply with all applicable safety rules, regulations, and standards.

Computer Skills

• Proficiency in the use of a computer and applicable software necessary to perform work assignments e.g., word processing, spreadsheets (Microsoft Office preferred), project management tools (Microsoft Project preferred).

Other Requirements

• Regular and punctual attendance at the workplace.
• Criminal background check.

Working Conditions

• Frequent use of computers, copiers, printers, and telephones.
• Frequent standing, walking, sitting, listening, and talking.
• Frequent work under stress, as a team member, and in direct contact with others.
• Occasional bending, stooping, lifting, and climbing.
• Occasional extended work hours as needed, to deliver incident response services to customers.
• Occasional, as needed travel within Texas deliver incident response services to customers.

Digital Forensics Senior Analyst in GAC Savannah

Unique Skills:

• Experience analyzing forensic artifacts of enterprise operating systems (ex. Windows, Linux, and MacOS) to discover elements of an intrusion and identify root cause.
• Experience analyzing memory images to identify malicious patterns (using tools like Volatility, Magnet AXIOM, or similar).
• Experience analyzing mobile phone artifacts to support internal investigations (using tools like Cellebrite, Magnet AXIOM, or similar).
• Experience using Hashcat or similar to perform password cracking.
• Experience performing forensic acquisition and examination of Windows, Unix/Linux, and Macintosh-based workstations and servers.
• Conduct analysis of metadata and forensic examinations of digital media from a variety of sources including preservation, acquisition, and analysis of digital evidence with the goal of developing forensically sound evidence.
• Familiarity with forensics tools for Windows and MacOS artifacts analysis as well as iPhone investigations, such as Magnet AXIOM, KAPE (Kroll Artifact Parser and Extractor) or similar.
• Familiarity with eDiscovery aka Legal Hold solutions, such as Exterro, EnCase or similar.

Education and Experience Requirements

Bachelor's Degree or equivalent combination of education and experience to successfully perform the essential functions of the job. Degree in information security, Computer Sciences or Technology related field preferred. 10 years of related experience.

Position Purpose :

The Cyber Threat Spec Sr. provides management with a clear picture of threats associated with Business Technology assets in a way that enables them to make well-informed decisions regarding threat management. This is achieved through the effective communication of information collected through various tools, analysis of event and incident reports utilizing both automated and manual methods. The Cyber Threat Spec Sr. must also be capable of supervising and guiding the forensics team to include conducting computer forensic investigations, data recovery, electronic discovery and leading an incident response team.

Job Description

Principle Duties and Responsibilities:

Essential Functions:

1. Conducting forensic collections of electronic evidence including information system and network devices for legal, human resources, ethics, and information security.
2. Applying forensic software/hardware applications to analyze digital media, images; determining solutions for recovery of potentially relevant information.
3. Examining and analyzing network traffic, related applications and operating systems to identify potential threats, anomalous or malicious activities to network resources; validating Intrusion Detection System (IDS) alerts.
4. Analyze security data to effectively detect intrusions & attempted intrusions and to initiate and engage the proper resources to mitigate the risk.
5. Providing reports and documents regarding network security incidents details and outcome; leads efforts in troubleshooting problems and recommending vulnerability corrections.
6. Monitoring and improving documentation and reporting processes for cyber incident status and results.
7. Design and implementation of the organizational information security solutions, and continuously enhancing information security approaches and methodologies.
8. Lead incident response team in addressing and managing the aftermath of a security breach or attack. Must be trained and have experience in incident response procedures and practices .
9. Defining process issues and resolutions; facilitating and overseeing computer forensics processes.
10. Conducting security assessments, penetration testing, and ethical hacking.
11. Identifying, analyzing, and reporting threats or hidden events within the enterprise network by using defensive measures and information collected from a variety of sources to protect data, information systems, and networks.
12. Perform analysis and investigations using data from firewalls, IPS, VPN, web filtering, SIEM, IDS, email filtering and forensic tools.
13. Contributes to the development and maintenance of the information security strategy.

Additional Functions:

1. Able to be on call for incidents and problems; also able to work different shifts. .
2. Able to travel as needed. .
3. Proficient in the use of incident response and forensics tools such as FTK, Encase, and Cellebrite. .

Perform other duties as assigned.

Other Requirements:

1. Must have an understanding of cyber forensics, networking, and information security technologies and be able to demonstrate outside-the-box thinking and continuous learning.
2. Experience with the following operating systems: Windows, OSX, IOS, Linux or UNIX.
3. Security Certification such as CISSP, CEH, ACE, EnCE, CCE, Security+ etc. required.

A credit history check from a national credit bureau will be conducted for all candidates for this position including new hires and current employees seeking promotion or transfer.
Additional Information

Requisition Number: 226884

Category: Information Systems

Percentage of Travel: Up to 25%

Shift: First

Employment Type: Full-time

Posting End Date: 07/03/2025

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Gulfstream does not provide work visa sponsorship for this position, unless the applicant is a currently sponsored Gulfstream employee.

Legal Information | Site Utilities | Contacts | Sitemap
Copyright © 2025 Gulfstream Aerospace Corporation. All Rights Reserved. A General Dynamics Company.

Gulfstream Aerospace Corporation, a wholly-owned subsidiary of General Dynamics (NYSE: GD), designs, develops, manufactures, markets, services and supports the world's most technologically-advanced business jet aircraft

Amentum is a leading global provider of technical and engineering services to government and commercial customers. We are dedicated to delivering innovative solutions to complex challenges in the defense, intelligence, and civilian markets. With 50,000 employees worldwide, we leverage our extensive experience, cutting-edge technology, and proven processes to provide exceptional value to our customers. Amentum is currently seeking a Senior Level Digital Media Forensics Analyst to join our award-winning team.

Your Impact:

Amentum is seeking experienced Digital Media Forensics Analysts to support the U.S. Army with CI and CT investigations. Analysts will combine computer science with forensic skills to recover information from computers and storage devices to recover data (e.g. documents, photos, and e-mails) from computer hard drives and other data storage devices that have been deleted, damaged, or otherwise manipulated. Analysts use forensic tools and investigative methods to find specific electronic data; hunt for files and information that have been hidden, deleted or lost; help customer officials analyze data and evaluate its relevance; create detailed notes on processes undertaken; and develop intelligence-based reporting. 

Responsibilities: •    Perform all phases of the forensic examination of digital media, including on-site and off-site evidence acquisition/seizures, forensic analysis, and reporting, ensuring chain of custody is maintained and that applicable rules of evidence are adhered to.   
•    Provide support for incident response activities, intrusion events, and malware analysis 
•    Research, design, deploy, and lead training events. 
•    Evaluate emerging forensic technologies. 
•    Provide operational security assessments and support cyber forensic and cyber security tasks.  
•    Protect computers from infiltration, determine how a computer was broken into, and recover lost files.  
•    Provide testing and evaluation of emerging trends in digital forensics software and hardware and assist in developing new and innovative forensic processes and procedures. 
• Support forensics deliverables including CI, CT, HUMINT or Technical Analysis AARs; Intelligence Capabilities, Framework and Architecture Assessments; Threat Intelligence Briefings; CI or HUMINT Policy Analysis; Threat and Vulnerability Assessments; and Analytical Information Reports.

Benefits:

• Company Phone
• AD&D/Life Insurance
• 401(k)
• 401(k) matching
• Dental insurance
• Employee discounts
• Health insurance
• Paid time off
• Vision insurance

Position Summary:
DigiForce Security is a growing information security and information technology company in Owings Mills, Maryland. We are looking to hire an Intermediate Digital Forensics Analyst to support the Cyber Risk Management Team on an existing contract in Windsor Mill, MD. The position is full-time/permanent and will support a US Government civilian agency. The position is available starting July 15th, 2025, upon finding a qualified candidate who can attain the appropriate background clearance.

Position Responsibilities:

As an Intermediate Digital Forensics Analyst, you will play a critical role in supporting cyber investigations and proactive threat detection. Your responsibilities will include:

• Assisting the Security Operations Center (SOC) with digital investigations across mobile, network, cloud, and endpoint environments.
• Collecting, preserving, and analyzing electronic evidence using industry-standard forensic tools such as EnCase, FTK, and X-Ways.
• Performing routine memory checks and system analysis on Linux and Windows servers.
• Proactively analyzing malware, conducting advanced threat hunting, and reconstructing cyber incidents from fragmented or deleted data to solve complex puzzles and uncover root causes.
• Preparing clear and detailed forensic reports, written with the intent that they may become evidence in court proceedings.
• Communicating effectively with cross-functional teams and data centers during investigations.
• Staying ahead of emerging threats by researching new attack vectors, forensic techniques, and evolving threat actor behaviors

Experience and Skill Requirements:

• 2-5 years of experience in digital forensics and malware-related investigations.
• Bachelor's degree in Computer Science, Digital Forensics, Cybersecurity, or related discipline; or equivalent hands-on experience with programming languages such as C, C++, or Java.
• Proven ability to create and maintain a malware analysis lab to support forensic casework, using both static and dynamic techniques.
• Proficient in static malware analysis, including code inspection and de-obfuscation (especially Java-based malware).
• Skilled in dynamic malware analysis in isolated environments to observe file, process, registry, and network behavior.
• Working knowledge of Windows internals relevant to forensics, including:
  • Windows Registry artifacts
  • System Calls and API Behavior
  • Executable file structures (e.g., PE files)
• Hands-on experience with memory analysis using Volatility or other memory forensics tools to extract malware behavior and trace artifacts.
• Competent with forensic toolkits such as FTK for evidence collection and analysis.
• Ability to extract and develop Indicators of Compromise (IOCs) to support broader investigations or threat intelligence efforts.
• Comfortable using Wireshark or similar tools for network traffic forensics related to malware communications (C2, exfiltration, etc.).
• Capable of conducting full-scope forensic investigations involving infected systems, identifying initial infection vectors, and the scope of compromise.
• Familiarity with Linux operating systems and the ability to investigate malware incidents across multiple platforms.
• Strong documentation skills - able to produce clear, defensible forensic reports that can be used in legal, compliance, or operational contexts.

Additional Experience Preferred:

• OllyDbg
• IdaPro
• X86 Intel Assembly Language

One or more Certifications/Licenses below:

• GCFE, CFCE, CGE, DFE, CCME, CCE, or GCFA

What We Look for in You:

• A champion for our clients, with a proactive mindset toward threat detection and resolution
• Adept at explaining complex threats to non-technical stakeholders
• Eager to collaborate with cross-functional teams to devise client-specific security enhancements
• A continuous learner, staying abreast of the latest threats and defense mechanisms
• Holder of relevant technical qualifications and a beacon of analytical ability

Life at DigiForce Security:

• Workforce: We believe in empowering our team with the tools, training, and support needed to excel
• Rewarding Benefits: Our competitive compensation packages are just the start-we offer rewards that recognize your invaluable contribution to the team and our clients
• Culture of Innovation: We foster an environment where innovative ideas for security are valued and implemented
• Client-Centric Approach: We're not just a company; we're a partner to our clients, and your work will directly impact their success

Job Type: Full-time: Monday-Friday

This is a remote position.

Compensation: $80,000.00 - $90,000.00 per year

DigiForce Security is a business, providing IT and OT cybersecurity services. We strive to address the ever-evolving threats and challenges associated with operating in a progressively digital world. As a company, we not only endeavor to safeguard today’s businesses and government organizations from cyber criminals, we are also proactive in developing solutions and talent for the threats of tomorrow. Our mission is to help organizations realize the promise of an interconnected world with minimal risk to clients or the integrity of their organization.

**Work Schedule**
Standard (Mon-Fri)
**Environmental Conditions**
Office
**Job Description**
Join the diverse team at Thermo Fisher Scientific as a Senior Digital Forensic Incident Response Analyst, applying your expertise to improve digital forensics and incident response, reducing risk and boosting our capabilities globally. This is a hybrid role, with 4 days per week onsite in Frederick, MD.
What will you do?
+ Act as the senior expert guiding the company through the investigation of cybersecurity incidents.
+ Conduct digital forensic investigations in response to high or critical security incidents, independently or as part of a team.
+ Develop and share relevant threat intelligence with team members to improve existing detection and response capabilities.
+ Lead the development of forensic playbooks and scalable procedures, recommending technical solutions to reduce risk across the enterprise. Develop solutions and strategies to build and deploy scalable tools for incident response for the team and the global SOC.
+ Act as a mentor and provide guidance to junior team members.
+ Apply your knowledge of the current and emerging threat landscape to active threat hunting exercises.
How will you get here?
**Education**
Bachelor's Degree or equivalent experience in cybersecurity, computer science, engineering, or another relevant field.
Relevant technical certifications a plus, such as GCIH, GCFA, GCFE, GREM, GCTI, and others.
**Experience**
+ Extensive experience in combined cybersecurity, particularly in forensics, architecture, and incident response.
+ Proficiency in using tools like Magnet Axiom, AccessData FTK, Encase, X-Ways, The Sleuth Kit/Autopsy, Volatility, Windows, Linux, and MacOS
+ Experience automating workflows with PowerShell, Bash, or Python.
+ Familiarity with the TCP/IP suite of protocols.
+ Demonstrable experience in leading forensic investigations based on EDR, XDR, memory, disk, and log-based evidence.
+ Experience conducting static and dynamic malware reverse engineering.
+ In-depth knowledge of Cloud, Web Application, and API security, including conducting forensic investigations on their technology stacks.
**Knowledge, Skills, Abilities**
Ability to explain technical details to business leadership with a focus on encouraging technical changes or investment where appropriate
We offer competitive remuneration, annual incentive plan bonus, healthcare, and a range of employee benefits. Thermo Fisher Scientific offers employment with an innovative, forward-thinking organization, and outstanding career and development prospects. We offer an exciting company culture that stands for integrity, intensity, involvement, and innovation!
**Compensation and Benefits**
The salary range estimated for this position based in Maryland is $149,500.00-$215,678.00.
This position may also be eligible to receive a variable annual bonus based on company, team, and/or individual performance results in accordance with company policy. We offer a comprehensive Total Rewards package that our U.S. colleagues and their families can count on, which includes:
+ A choice of national medical and dental plans, and a national vision plan, including health incentive programs
+ Employee assistance and family support programs, including commuter benefits and tuition reimbursement
+ At least 120 hours paid time off (PTO), 10 paid holidays annually, paid parental leave (3 weeks for bonding and 8 weeks for caregiver leave), accident and life insurance, and short- and long-term disability in accordance with company policy
+ Retirement and savings programs, such as our competitive 401(k) U.S. retirement savings plan
+ Employees' Stock Purchase Plan (ESPP) offers eligible colleagues the opportunity to purchase company stock at a discount
For more information on our benefits, please visit: Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.

**Job Description**
Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA). Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site's Cold War legacy. Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air. (See NNSS.gov for our unique capabilities.) Our 2,750+ professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.
+ MSTS offers our full-time employees highly competitive salaries and benefits packages including medical, dental, and vision; both a pension and a 401k; paid time off and 96 hours of paid holidays; relocation (if located more than 75 miles from work location); tuition assistance and reimbursement; and more.
+ MSTS is a limited liability company consisting of Honeywell International Inc. (Honeywell), Jacobs Engineering Group Inc. (Jacobs), and HII Nuclear Inc.
**Responsiblities**
MSTS is seeking a highly experienced cybersecurity professional to implement and monitor security measures of the company's cloud infrastructure.
**Key Responsibilities**
+ Identify and analyze potential cloud-based threats, monitor cloud environments, and respond to security incidents.
+ Monitor intrusion detection/prevention systems (IDS/IPS), Security Event and Incident Management (SEIM) tools, endpoint security tools, email gateways, firewalls, network infrastructure, and other appliances for security issues.
+ Create logical and physical forensic images of digital evidence via the network or directly from hosts.
+ Analyze host-based indicators of compromise or network traffic and analyze additional log, forensic, malware, or other incident response related data as needed.
+ Participate as part of an incident response team to detect, to respond to, contain, and remediate cyber-related threats against IT assets.
+ Seize digital evidence in support of investigations and conduct host-based and network-based forensic analysis of digital evidence.
+ Create detailed reports of investigative activity for consumption by internal and external organizations that include Human Resources, the Legal Department, Information Security Officers, and local, state, and federal law enforcement.
+ Conduct digital investigations involving breaches of Information Technology (IT) infrastructure, forensic investigations, legal and privacy issues requiring digital investigations, and network forensic investigations handling large scale, complex post-incident investigations, where techniques such as network forensics, malware reverse engineering, log analysis, timeline creation, and host-based forensics have been applied.
+ Have a deep understanding of high-tech investigations, skills, techniques, and tools necessary for conducting live forensics on critical systems and being able to produce detailed analysis of the root cause of any incidents.
+ Conducting detailed analysis of systems where breaches of critical IT infrastructure may have occurred and provide root cause analysis, impact assessments and rapid response to aid detection of those responsible and make recommendations to assist in prevention of similar incidents.
+ Ability to conduct reverse engineering of malware and other suspicious code and report the findings.
+ Focus on projects of substantial complexity and broad scope, requiring interdisciplinary coordination.
+ Leverage practical experience to independently perform host-based forensic investigations to establish user activity on systems.
+ Independently plan, schedule, and direct projects that are guided by established objectives, budgets, and schedules.
+ Assist in researching, compiling, and analyzing technical data.
+ Be relied upon to multitask as required between responsibilities.
+ Review Cyber Security threat information and assist with mitigating vulnerabilities identified.
+ Develop standards, practices, and procedures as well as increase technical knowledge to solve problems and complete projects.
+ Contribute to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner by maintaining cooperative and respectful working relationships with Cyber Security Staff, other divisions, and customers.
+ Perform related duties as assigned.
**Qualifications**
+ Bachelor's degree or equivalent training and experience in a computer-related field and at least 8 years of related experience.
+ Ability to conduct investigations on multiple cloud platforms (SaaS, PaaS, IaaS).
+ Strong knowledge of Azure, AWS, and Oracle OCI.
+ Ability to configure, use, and tune cloud native security tools such as SCNAPP, CSPM, and CASB.
+ Demonstrate a thorough understanding of advanced principles, theories, standards, practices, protocols, forensic hardware and software, and procedures used in Digital Forensics/Incident Response.
+ Understanding of the Windows Operating System and command line tools, network protocols, and TCP/IP fundamentals.
+ Understanding of the Mac Operating System and command line tools.
+ Understanding of the *Nix Operating System and Command line tools.
+ Ability to conduct forensic analysis of mobile devices including Android, iOS, Blackberry, and other cellular and tablet devices.
+ Understanding of file system forensics including HFS, NTFS, FAT, EXT, and CDFS.
+ Ability to conduct forensic analysis of Windows XP, Vista 7, 8, 10, and 11 file systems, Mac OSX, and various *Nix platforms.
+ Knowledge of Cyber Security vulnerabilities, mitigation strategies, network architecture, and how to apply security controls.
+ Ability to articulate highly technical processes and information to a non-technical audience.
+ Ability to render credible testimony in a court of law.
+ Experience with working with a broad variety of computer forensic hardware and software (preferably familiar with EnCase, FTK, and other forensic suites) and incident investigation tools and techniques.
+ Ability to investigate large data compromise events to mitigate risk to data compromise events and investigating insider threats and incidents.
+ Knowledge of computer forensic best practices and industry standard methodologies for responding to network threats.
+ Ability to conduct online investigations and gather intelligence.
+ Ability to understand policies, procedures, laws, regulations, and other directives.
+ Ability to maintain strict confidentiality.
+ Ability to communicate effectively in English, both verbally and in writing, sufficient enough to communicate with co-workers, customers, and write clear and concise reports.
+ Ability to use multiple electronic devices including standard office machines, cellular phones, and security appliances.
+ Ability to meet physical requirements necessary to safety and effectively perform all assigned duties.
+ Ability to pass a federal background check and obtain a "Q" Clearance.
+ **Preferred additional qualifications:**
+ AccessData Certified Examiner (ACE)
+ Certified Forensic Computer Examiner (CFCE)
+ GIAC Certified Incident Handler (GCIH)
+ GIAC Certified Forensic Analyst (GCFA)
+ Certified Electronic Evident Collection Specialist (CEECS)
+ GIAC Cloud Forensics Responder (GCFR)
+ GIAC Cloud Penetration Tester (GCPN)
+ GIAC Cloud Threat Detection (GCTD)
+ Certified Computer Examiner (CCE)
+ EnCase Certified Examiner (EnCE)
+ GIAC Security Essentials (GSEC)
+ Certified Information Systems Security Professional (CISSP)
+ The primary work location will be at the Losee Road facility in North Las Vegas, Nevada. Work at the Nevada National Security Site (located 65 miles northwest of Las Vegas, Nevada may be required to support work).
+ Work schedule will be 4/10s Monday through Thursday (subject to change).
+ Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing.
+ Must possess a valid driver's license.
MSTS is required by DOE directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment. In addition, Applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship, at least 18 years of age. Reference DOE Order 472.2 ( , "Personnel Security". If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.
**Department of Energy Q Clearance** (position will be cleared to this level). Reviews and tests for the absence of any illegal drug as defined in 10 CFR Part 707.4 ( , "Workplace Substance Abuse Programs at DOE Sites," will be conducted. Applicant selected will be subject to a Federal background investigation, required to participate in subsequent reinvestigations, and must meet the eligibility requirements for access to classified matter. Successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required. Reference 10 CFR Part 709 ( , "Counterintelligence Evaluation Program."
MSTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, veteran status or other characteristics protected by law. MSTS is a background screening, drug-free workplace.
Annual salary range for this position is: **$116,001.60 - $176,904.00**
Starting salary is determined based on the position market value, the individual candidate education and experience and internal equity.