Digital Forensics Engineer Job Description

Position Summary

Essential Duties and Responsibilities

• Perform advanced digital forensic analysis and investigations in support of SBA ECS cybersecurity operations requirements.
• Support Task Areas 3.5.3 and 3.5.3.6 by conducting forensic examinations related to cybersecurity incidents insider threats malware infections unauthorized access and data exfiltration.
• Collect preserve analyze and document digital evidence in accordance with federal forensic standards and chain-of-custody procedures.
• Perform host-based network-based cloud-based and mobile device forensic investigations across enterprise environments.
• Conduct forensic acquisition and analysis of Windows Linux macOS cloud virtualized and hybrid systems.
• Analyze endpoint telemetry security logs network packet captures (PCAP) SIEM data and forensic artifacts to identify indicators of compromise (IOCs) and adversary activity.
• Support incident response activities by reconstructing attack timelines determining root cause identifying attack vectors and assessing operational impact.
• Perform malware analysis and reverse engineering support activities to identify malicious behaviors persistence mechanisms and command-and-control communications.
• Support e-discovery operations including collection indexing preservation processing and review of electronically stored information (ESI).
• Conduct forensic examinations supporting legal Inspector General (IG) Human Resources (HR) insider threat privacy and law enforcement investigations.
• Utilize forensic and cyber defense tools including EnCase FTK Velociraptor Wireshark Volatility Splunk Microsoft Defender Sentinel and endpoint detection and response (EDR) platforms.
• Perform memory analysis disk analysis registry analysis browser artifact analysis and log correlation activities.
• Develop forensic reports technical findings evidentiary documentation executive briefings and remediation recommendations.
• Maintain detailed forensic documentation evidence handling procedures and chain-of-custody records.
• Support cybersecurity monitoring detection containment eradication and recovery activities within the SOC environment.
• Coordinate with SOC analysts incident responders threat hunters engineers and federal stakeholders during cyber investigations and breach response activities.
• Support continuous improvement of forensic methodologies investigative procedures and cybersecurity operational capabilities.
• Assist with the development and maintenance of digital forensic playbooks standard operating procedures (SOPs) and incident handling guidance aligned with NIST SP 800-61 and NIST SP 800-86.
• Research emerging cyber threats adversary tactics techniques and procedures (TTPs) and evolving forensic technologies.
• Support federal cybersecurity compliance requirements reporting activities and operational readiness initiatives.

Minimum Qualifications

• Bachelors degree in Cybersecurity Computer Science Digital Forensics Information Assurance Information Technology or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 8 years of experience supporting digital forensics cyber investigations incident response cybersecurity operations or Security Operations Center (SOC) environments.
• Hands-on experience conducting enterprise-level forensic investigations and evidence analysis.
• Experience with forensic acquisition and analysis tools including EnCase FTK X-Ways Velociraptor Volatility or equivalent technologies.
• Experience analyzing Windows Linux cloud mobile and network forensic artifacts.
• Knowledge of incident response methodologies MITRE ATT&CK framework cyber kill chain concepts and adversary TTP analysis.
• Experience supporting legal hold e-discovery insider threat and regulatory investigation activities.
• Experience with SIEM EDR IDS/IPS packet analysis and security monitoring technologies.
• Strong understanding of NIST cybersecurity standards including NIST SP 800-61 and NIST SP 800-86.
• Ability to prepare technical forensic reports and present investigative findings to technical and executive stakeholders.
• Strong analytical investigative communication and technical documentation skills.

Preferred Certifications

• GIAC Certified Forensic Analyst (GCFA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Certified Incident Handler (GCIH)
• EnCase Certified Examiner (EnCE)
• Certified Computer Examiner (CCE)
• Certified Ethical Hacker (CEH)
• CompTIA CySA
• CompTIA Security
• Certified Information Systems Security Professional (CISSP)