Senior DFIR Analyst

DHRM


Job Location:

Chesterfield, NH - USA

Monthly Salary: $ 120000 - 140000
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

Title: Senior DFIR Analyst

State Role Title: Info Technology Specialist III

Hiring Range: $120000 - $140000

Pay Band: 6

Agency: VA Information Tech Agency

Location: VA Information Technologies

Agency Website:

Type: General Public - G

Job Duties

The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a Senior DFIR Analyst with the Commonwealth Security Risk Management Division.

The purpose of this position is to oversee and manage the daily operations of the Commonwealth of Virginia's security incident response function within the Virginia Information Technologies Agency (VITA).

The position is responsible for supervising the collection, analysis, and classification of cybersecurity incidents and for coordinating timely and effective statewide responses to security threats.

This role ensures that incidents are properly triaged, investigated, documented, and communicated in accordance with Commonwealth security policies, standards, and statutory requirements.

The position serves as a primary coordination point between internal VITA security teams, external security organizations, state agencies, and law enforcement entities. It monitors emerging threats, assesses potential impacts to Commonwealth systems, and recommends appropriate mitigation or response actions.

The role also manages the Commonwealth's computer forensics laboratory and ensures investigative activities are conducted in a secure, authorized, and properly documented manner.

Key responsibilities include collecting and evaluating all computer security incident information; responding to cybersecurity events within the established jurisdiction; assisting agency incident response teams as needed; and ensuring investigations are routed appropriately.

The position also leads efforts in threat tracking, vulnerability monitoring, and security advisory development. It is responsible for disseminating advisories to agencies, gathering agency feedback, and using that input to enhance incident response capabilities, products, and services.

Additionally, the position fulfills multiple liaison functions, serving as a security response liaison across state agencies, with external directorates, with law enforcement partners, and with the Centralized Operations Center.

The role evaluates and reports on Commonwealth threat data and contributes to continuous improvement of the statewide cybersecurity posture through analysis, communication, and interagency coordination.

Join VITA at The Boulders in Richmond, VA, where innovation meets impact! As the Commonwealth's leading IT agency, we're connecting, protecting, innovating, and powering Virginia's digital future through collaboration, creativity, and purpose. Our team thrives in a vibrant, customer-focused environment that values growth, accountability, and forward thinking, all while making technology work for every corner of Virginia.

Minimum Qualifications

Considerable experience performing digital forensics (endpoint, server, cloud, and mobile), including evidence acquisition, preservation, and analysis following defensible forensic methodologies.

Considerable experience analyzing host-based and network-based artifacts (Windows, Linux, memory dumps, disk images, logs, registry data, packet captures, cloud telemetry).

Considerable knowledge of cybersecurity incident response, including triage, scoping, containment, eradication, and recovery, paired with the ability to perform static and behavioral malware analysis to interpret indicators and support effective threat attribution and response.

Considerable knowledge of industry standard DFIR tools (e.g., EnCase, FTK, Cellebrite, Volatility, Autopsy, KAPE, ELK/Splunk, EDR platforms).

Considerable knowledge of adversary TTPs and familiarity with frameworks such as MITRE ATT&CK, threat intelligence consumption, and correlation.

Experience leading or supporting complex investigations involving data exfiltration, insider threats, privilege escalation, ransomware, or advanced persistent threats (APTs).

Knowledge of enterprise scale IT environments, including Active Directory, virtualization, cloud platforms, and common enterprise security controls.

Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).

Experience working with internal and external stakeholders and producing high-quality written reports, executive summaries, and defensible forensic documentation suitable for legal or regulatory review.

Experience with interpretation and application of federal and state laws/regulations/standards/policies.

Additional Considerations

Advanced digital forensics or threat hunting expertise, including deep experience with memory forensics, reverse engineering, development of detection logic, and analysis of sophisticated threat actor tradecraft.

Proficiency conducting investigations in cloud environments (Azure, AWS, M365), including log acquisition, identity-related forensics, and cloud-native threat hunting.

Experience leading incident response engagements involving advanced persistent threats (APTs), zero-day exploitation, or multistage intrusion campaigns.

Knowledge of regulatory, audit, and evidentiary requirements relevant to government environments, including defensible documentation practices.

Demonstrated ability to mentor junior analysts, guide agency ISOs during active incidents, and advise leadership with clear technical recommendations as part of a SOC environment, MSSP, or large-scale managed detection and response program.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.

This position is eligible for one (1) day telework.

Applicants must consent to a fingerprint background check.

The Commonwealth of Virginia welcomes all applicants authorized to work in the United States. Sponsorship is not provided; therefore, applicants must be a citizen or national of the U.S., a Lawful Permanent Resident, or an alien authorized to work.

State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, or cover letters in any other format. Please refer to Your Application in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.

Reasonable accommodations are available to persons with disabilities during the application and/or interview processes per the Americans with Disabilities Act.

VITA is a Virginia Values Veterans (V3) official certified state agency that provides hiring preference to Veterans and Members of the Virginia National Guard in support of Executive Order 29 (2010). If you are a Veteran or Virginia National Guard Member, we encourage you to apply and receive preference in the hiring process. AmeriCorps, Peace Corps, and other national service alumni also are encouraged to apply.

Contact Information

Name: VITA Human Resources

Phone:

Email:

In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.


Required Experience:

Senior IC

About Company

The official website of the Commonwealth of Virginia. Learn about Virginia government, contact a state agency, and find the services and resources you need.
