Digital Forensics Engineer Job at cFocus Software Incorporated, Washington, AR

  • cFocus Software Incorporated
  • Washington, AR

Job Description

Digital Forensics Engineer

Position Title: Digital Forensics Engineer
Program: SBA Enterprise Cybersecurity Services (ECS)

Position Summary

The Digital Forensics Engineer supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by providing advanced digital forensics, incident response, cyber investigation, evidence preservation, malware analysis, and e-discovery support services.
The Digital Forensics Engineer conducts complex forensic examinations involving workstations, servers, cloud platforms, mobile devices, email systems, network traffic, and enterprise applications in support of cybersecurity investigations, incident response activities, insider threat investigations, legal support actions, and enterprise cyber defense operations. The role supports 24x7x365 Security Operations Center (SOC) functions and coordinates closely with federal stakeholders, incident responders, threat hunters, legal teams, privacy personnel, and law enforcement partners.

Essential Duties and Responsibilities

  • Perform advanced digital forensic analysis and investigations in support of SBA ECS cybersecurity operations requirements.
  • Support Task Areas 3.5.3 and 3.5.3.6 by conducting forensic examinations related to cybersecurity incidents, insider threats, malware infections, unauthorized access, and data exfiltration.
  • Collect, preserve, analyze, and document digital evidence in accordance with federal forensic standards and chain-of-custody procedures.
  • Perform host-based, network-based, cloud-based, and mobile device forensic investigations across enterprise environments.
  • Conduct forensic acquisition and analysis of Windows, Linux, macOS, cloud, virtualized, and hybrid systems.
  • Analyze endpoint telemetry, security logs, network packet captures (PCAP), SIEM data, and forensic artifacts to identify indicators of compromise (IOCs) and adversary activity.
  • Support incident response activities by reconstructing attack timelines, determining root cause, identifying attack vectors, and assessing operational impact.
  • Perform malware analysis and reverse engineering support activities to identify malicious behaviors, persistence mechanisms, and command-and-control communications.
  • Support e-discovery operations, including collection, indexing, preservation, processing, and review of electronically stored information (ESI).
  • Conduct forensic examinations supporting legal, Inspector General (IG), Human Resources (HR), insider threat, privacy, and law enforcement investigations.
  • Utilize forensic and cyber defense tools, including EnCase, FTK, Velociraptor, Wireshark, Volatility, Splunk, Microsoft Defender, Sentinel, and endpoint detection and response (EDR) platforms.
  • Perform memory analysis, disk analysis, registry analysis, browser artifact analysis, and log correlation activities.
  • Develop forensic reports, technical findings, evidentiary documentation, executive briefings, and remediation recommendations.
  • Maintain detailed forensic documentation, evidence handling procedures, and chain-of-custody records.
  • Support cybersecurity monitoring, detection, containment, eradication, and recovery activities within the SOC environment.
  • Coordinate with SOC analysts, incident responders, threat hunters, engineers, and federal stakeholders during cyber investigations and breach response activities.
  • Support continuous improvement of forensic methodologies, investigative procedures, and cybersecurity operational capabilities.
  • Assist with the development and maintenance of digital forensic playbooks, standard operating procedures (SOPs), and incident handling guidance aligned with NIST SP 800-61 and NIST SP 800-86.
  • Research emerging cyber threats, adversary tactics, techniques, and procedures (TTPs), and evolving forensic technologies.
  • Support federal cybersecurity compliance requirements, reporting activities, and operational readiness initiatives.

Minimum Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Assurance, Information Technology, or related discipline. Relevant experience may substitute for degree requirements.
  • Minimum of 8 years of experience supporting digital forensics, cyber investigations, incident response, cybersecurity operations, or Security Operations Center (SOC) environments.
  • Hands-on experience conducting enterprise-level forensic investigations and evidence analysis.
  • Experience with forensic acquisition and analysis tools, including EnCase, FTK, X-Ways, Velociraptor, Volatility, or equivalent technologies.
  • Experience analyzing Windows, Linux, cloud, mobile, and network forensic artifacts.
  • Knowledge of incident response methodologies, MITRE ATT&CK framework, cyber kill chain concepts, and adversary TTP analysis.
  • Experience supporting legal hold, e-discovery, insider threat, and regulatory investigation activities.
  • Experience with SIEM, EDR, IDS/IPS, packet analysis, and security monitoring technologies.
  • Strong understanding of NIST cybersecurity standards including NIST SP 800-61 and NIST SP 800-86.
  • Ability to prepare technical forensic reports and present investigative findings to technical and executive stakeholders.
  • Strong analytical, investigative, communication, and technical documentation skills.

Preferred Certifications

  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Certified Incident Handler (GCIH)
  • EnCase Certified Examiner (EnCE)
  • Certified Computer Examiner (CCE)
  • Certified Ethical Hacker (CEH)
  • CompTIA CySA+
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)

Required Experience:

Senior IC

Job Tags

Full time
