HHS Digital Forensics Analyst

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Digital Forensics Analyst to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Digital Forensics Information Technology or related field.
Minimum 58 years of experience performing digital forensic investigations.
Hands-on experience with endpoint server network and cloud forensics.
Strong knowledge of forensic acquisition analysis and evidence handling procedures.
Experience supporting enterprise incident response and breach investigations.
Familiarity with federal incident response and reporting requirements.
Strong analytical documentation and communication skills.
Active GCFA GCFE EnCE or GCIH (preferred).

Duties:

Conduct digital forensic investigations following cybersecurity incidents data breaches and suspected malicious activity.
Perform forensic acquisition and analysis of endpoints servers cloud workloads network traffic logs and removable media.
Preserve digital evidence in accordance with chain-of-custody and evidentiary handling requirements.
Identify incident origin timeline scope and extent of compromise using forensic methodologies.
Analyze malware artifacts scripts and suspicious files to determine functionality and impact.
Support reverse engineering and de-obfuscation of malicious content when required.
Correlate forensic findings with SIEM EDR network and cloud telemetry.
Produce detailed forensic reports documenting methodology findings evidence and recommendations.
Support incident containment eradication and recovery activities through forensic insight.
Assist with investigations involving PII PHI and other sensitive data in coordination with HRSA Privacy and Legal teams.
Support FOIA searches OGC litigation holds and OIG criminal investigations as required.
Maintain forensic toolsets images and procedures in accordance with HRSA SOPs.
Participate in cyber exercises tabletop exercises and after-action reviews.
Provide expert guidance to SOC Analysts Incident Responders and Threat Hunters.
Ensure compliance with NIST SP 800-61 NIST SP 800-86 and HHS incident response guidance.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Digital Forensics Information Technology or related field.
Minimum 58 years of experience performing digital forensic investigations.
Hands-on experience with endpoint server network and cloud forensics.
Strong knowledge of forensic acquisition analysis and evidence handling procedures.
Experience supporting enterprise incident response and breach investigations.
Familiarity with federal incident response and reporting requirements.
Strong analytical documentation and communication skills.
Active GCFA GCFE EnCE or GCIH (preferred).

Duties:

Conduct digital forensic investigations following cybersecurity incidents data breaches and suspected malicious activity.
Perform forensic acquisition and analysis of endpoints servers cloud workloads network traffic logs and removable media.
Preserve digital evidence in accordance with chain-of-custody and evidentiary handling requirements.
Identify incident origin timeline scope and extent of compromise using forensic methodologies.
Analyze malware artifacts scripts and suspicious files to determine functionality and impact.
Support reverse engineering and de-obfuscation of malicious content when required.
Correlate forensic findings with SIEM EDR network and cloud telemetry.
Produce detailed forensic reports documenting methodology findings evidence and recommendations.
Support incident containment eradication and recovery activities through forensic insight.
Assist with investigations involving PII PHI and other sensitive data in coordination with HRSA Privacy and Legal teams.
Support FOIA searches OGC litigation holds and OIG criminal investigations as required.
Maintain forensic toolsets images and procedures in accordance with HRSA SOPs.
Participate in cyber exercises tabletop exercises and after-action reviews.
Provide expert guidance to SOC Analysts Incident Responders and Threat Hunters.
Ensure compliance with NIST SP 800-61 NIST SP 800-86 and HHS incident response guidance.