Create and maintain chain-of-custody documentation.
Provide a technical summary of findings in accordance with established reporting procedures.
Perform comprehensive file system and device analysis to include recovery of hidden and deleted content.
Perform initial analysis of log files, evidence and other information.
Utilize data decryption tools.
Perform forensic incident handling tasks (such as forensic collections, host analysis, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of flyaway Incident Response Teams (IRTs).
Detect anti-forensics techniques.
Minimum Required Qualifications
Due to the nature of this position and the information that employees will be required to access, U.S. Citizenship is required.
Required Security Clearance: TS/SCI with FS Poly.
High school diploma required.
Two years of experience as a Cyber Forensics Analyst.
Two years of demonstrated experience using at least two different forensic tool suites similar to EnCase, Sleuthkit, FTK, X-WAYS, REKALL or Axiom.
Three years of demonstrated experience working with Windows and Linux operating systems as a system administrator, or in software development and IT systems (DevOps).
Requires DoD 8570 compliance with Cybersecurity Service Provider (CSSP) Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification.
Requires Global Information Assurance Certification Forensic Analyst (GCFA) or Global Information Assurance Certification Forensic Examiner (GCFE).