Computer Forensics Investigator Jobs in Arizona (NOW HIRING)

Title: Security Analyst - Forensics & Malware Analysis

Location: Chandler, AZ or Washington, DC

Terms: Full-time

Clearance: Active Secret required; TS/SCI preferred

Travel: 0-20%

As a Security Analyst specializing in Forensics and Malware Analysis at Revolutional, you are the person the team calls when an incident goes deep. You conduct digital forensic investigations and malware analysis on compromised systems, media, and artifacts to determine scope, attribution, and impact — and you produce findings that drive response decisions and inform the broader security posture.

You are a technical specialist, not a generalist. You bring extensive hands-on experience with digital media analysis, forensic tooling, and malware reverse engineering. You work independently on complex investigations, maintain rigorous chain of custody, and translate technical findings into clear, actionable reporting for both technical peers and program leadership.

• Conduct digital forensic investigations on compromised endpoints, servers, storage media, and network artifacts, maintaining proper chain of custody throughout
• Perform static and dynamic malware analysis to identify malware behavior, capabilities, persistence mechanisms, and indicators of compromise (IOCs)
• Analyze memory dumps, disk images, log files, and network captures to reconstruct attack timelines and determine scope of compromise
• Identify and extract IOCs from forensic investigations and malware samples; coordinate with threat intelligence and SOC teams to operationalize findings
• Support incident response activities by providing forensic analysis that informs containment, eradication, and recovery decisions
• Produce clear, thorough forensic reports and malware analysis write-ups suitable for technical teams and executive audiences
• Maintain and operate forensic lab environments, tools, and procedures in accordance with program and federal evidentiary standards
• Contribute to development and refinement of forensic and malware analysis procedures, playbooks, and tooling
• Stay current on adversary tradecraft, malware families, and emerging analysis techniques relevant to the federal threat landscape
• Support classified incident investigations as required, handling evidence and findings in accordance with applicable security protocols

• Bachelor's degree in Computer Science, Information Security, Digital Forensics, or related field (or equivalent experience)
• 5 or more years of security-related experience, with extensive hands-on experience in digital media analysis and digital forensics
• Active Secret clearance; Top Secret/SCI eligibility required

• Extensive experience with digital forensic methodologies: disk and media acquisition, file system analysis, artifact recovery, and timeline reconstruction
• Hands-on malware analysis experience including static analysis (disassembly, code review) and dynamic analysis (sandboxing, behavioral observation)
• Proficiency with industry-standard forensic tools such as EnCase, FTK, Autopsy, Volatility, IDA Pro, Ghidra, or equivalent
• Experience analyzing Windows, Linux, and/or cloud-based environments for signs of compromise and attacker activity
• Familiarity with network forensics: packet capture analysis, NetFlow, proxy logs, and identifying lateral movement or exfiltration artifacts
• Understanding of attacker TTPs, kill-chain methodology, and MITRE ATT&CK framework as applied to forensic analysis
• Experience producing forensic reports and malware analysis documentation that meet legal and evidentiary standards

• Technically deep and intellectually rigorous — you dig until you find the answer and don't stop at surface-level findings
• Detail-oriented with strong documentation discipline; your work product holds up under scrutiny
• Able to work independently on complex, ambiguous investigations without needing constant direction
• Communicates technical findings clearly to both technical peers and non-technical leadership

One certification from each of the following groups is required:

• CISSP Associate, CCSP, SSCP, GMON, GCIH, GCIA, GECD, CEH, or CASP+

• Any certification qualifying under the DoD 8570 CSSP Analyst, Infrastructure Support, or Incident Responder categories, or other similar certifications as approved

• Forensics-specific certifications: GCFE, GCFA, GNFA (GIAC), EnCE (EnCase), or CFCE (Certified Forensic Computer Examiner)
• Malware analysis certifications: GREM (GIAC Reverse Engineering Malware) or equivalent
• Experience conducting forensic investigations in classified or law enforcement environments
• Familiarity with mobile device forensics, cloud forensics, or memory forensics at advanced levels
• Experience supporting legal proceedings or law enforcement actions with forensic findings
• Active TS/SCI clearance

#DICE #LinkedIn