Digital Forensics Engineer 

Position Summary

Essential Duties and Responsibilities

• Perform advanced digital forensic analysis and investigations in support of SBA ECS cybersecurity operations requirements.
• Support Task Areas 3.5.3 and 3.5.3.6 by conducting forensic examinations related to cybersecurity incidents, insider threats, malware infections, unauthorized access, and data exfiltration.
• Collect, preserve, analyze, and document digital evidence in accordance with federal forensic standards and chain-of-custody procedures.
• Perform host-based, network-based, cloud-based, and mobile device forensic investigations across enterprise environments.
• Conduct forensic acquisition and analysis of Windows, Linux, macOS, cloud, virtualized, and hybrid systems.
• Analyze endpoint telemetry, security logs, network packet captures (PCAP), SIEM data, and forensic artifacts to identify indicators of compromise (IOCs) and adversary activity.
• Support incident response activities by reconstructing attack timelines, determining root cause, identifying attack vectors, and assessing operational impact.
• Perform malware analysis and reverse engineering support activities to identify malicious behaviors, persistence mechanisms, and command-and-control communications.
• Support e-discovery operations including collection, indexing, preservation, processing, and review of electronically stored information (ESI).
• Conduct forensic examinations supporting legal, Inspector General (IG), Human Resources (HR), insider threat, privacy, and law enforcement investigations.
• Utilize forensic and cyber defense tools including EnCase, FTK, Velociraptor, Wireshark, Volatility, Splunk, Microsoft Defender, Sentinel, and endpoint detection and response (EDR) platforms.
• Perform memory analysis, disk analysis, registry analysis, browser artifact analysis, and log correlation activities.
• Develop forensic reports, technical findings, evidentiary documentation, executive briefings, and remediation recommendations.
• Maintain detailed forensic documentation, evidence handling procedures, and chain-of-custody records.
• Support cybersecurity monitoring, detection, containment, eradication, and recovery activities within the SOC environment.
• Coordinate with SOC analysts, incident responders, threat hunters, engineers, and federal stakeholders during cyber investigations and breach response activities.
• Support continuous improvement of forensic methodologies, investigative procedures, and cybersecurity operational capabilities.
• Assist with the development and maintenance of digital forensic playbooks, standard operating procedures (SOPs), and incident handling guidance aligned with NIST SP 800-61 and NIST SP 800-86.
• Research emerging cyber threats, adversary tactics, techniques, and procedures (TTPs), and evolving forensic technologies.
• Support federal cybersecurity compliance requirements, reporting activities, and operational readiness initiatives.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Digital Forensics, Information Assurance, Information Technology, or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 8 years of experience supporting digital forensics, cyber investigations, incident response, cybersecurity operations, or Security Operations Center (SOC) environments.
• Hands-on experience conducting enterprise-level forensic investigations and evidence analysis.
• Experience with forensic acquisition and analysis tools including EnCase, FTK, X-Ways, Velociraptor, Volatility, or equivalent technologies.
• Experience analyzing Windows, Linux, cloud, mobile, and network forensic artifacts.
• Knowledge of incident response methodologies, MITRE ATT&CK framework, cyber kill chain concepts, and adversary TTP analysis.
• Experience supporting legal hold, e-discovery, insider threat, and regulatory investigation activities.
• Experience with SIEM, EDR, IDS/IPS, packet analysis, and security monitoring technologies.
• Strong understanding of NIST cybersecurity standards including NIST SP 800-61 and NIST SP 800-86.
• Ability to prepare technical forensic reports and present investigative findings to technical and executive stakeholders.
• Strong analytical, investigative, communication, and technical documentation skills.

Preferred Certifications

• GIAC Certified Forensic Analyst (GCFA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Certified Incident Handler (GCIH)
• EnCase Certified Examiner (EnCE)
• Certified Computer Examiner (CCE)
• Certified Ethical Hacker (CEH)
• CompTIA CySA+
• CompTIA Security+
• Certified Information Systems Security Professional (CISSP)