Cyber Defense Forensics Analyst Jobs (NOW HIRING)

Cyber Defense Forensics Analyst information

$69.5K

$101.6K

$154.5K

How much do cyber defense forensics analyst jobs pay per year?

As of Jun 16, 2026, the average yearly pay for a cyber defense forensics analyst in the United States is $101,608.00, according to ZipRecruiter salary data. Most workers in this role earn between $78,500.00 and $132,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Defense Forensics Analyst, and why are they important?

To thrive as a Cyber Defense Forensics Analyst, you need a solid understanding of computer networks, operating systems, incident response, and digital investigation techniques, often supported by degrees in cybersecurity or computer science. Familiarity with forensic analysis tools (like EnCase, FTK, or Autopsy), SIEM systems, and certifications such as GCFA or CHFI is highly beneficial. Strong analytical thinking, attention to detail, and effective communication set top performers apart in this role. These skills are crucial to accurately identify, investigate, and mitigate cyber threats while clearly documenting findings for legal or organizational response.

What is the difference between Cyber Defense Forensics Analyst vs Cyber Security Analyst?

Aspect | Cyber Defense Forensics Analyst | Cyber Security Analyst
Certifications | GCFA, GCFE, CISSP | CISSP, Security+, CEH
Work Environment | Incident response teams, forensic labs | Security operations centers, risk assessment teams
Employer & Industry | Government agencies, cybersecurity firms | Corporations, financial institutions, tech companies

While both roles focus on cybersecurity, a Cyber Defense Forensics Analyst specializes in investigating cyber incidents and analyzing digital evidence, often working in forensic labs or incident response teams. In contrast, a Cyber Security Analyst has a broader role in monitoring security systems, assessing risks, and implementing preventive measures across organizations.

What are some typical challenges faced by Cyber Defense Forensics Analysts when investigating security incidents?

Cyber Defense Forensics Analysts often encounter challenges such as rapidly evolving attack techniques, encrypted or obfuscated data, and incomplete digital evidence. Analysts must be able to work efficiently under pressure, as time is often critical when responding to incidents. Collaboration with IT, legal, and law enforcement teams is common, requiring strong communication skills to ensure evidence is properly preserved and investigations are thorough. Staying up to date with the latest forensic tools and methodologies is also essential for success in this dynamic field.

What does a Cyber Defense Forensics Analyst do?

A Cyber Defense Forensics Analyst investigates cyberattacks and security breaches to determine how they occurred and who was responsible. They collect, analyze, and preserve digital evidence from computers, networks, and other digital devices. Their findings help organizations understand vulnerabilities, prevent future incidents, and support legal actions if necessary. These professionals work closely with IT teams, law enforcement, and legal experts to ensure accurate and secure handling of sensitive data.
Infographic showing various Cyber Defense Forensics Analyst job openings in the United States as of June 2026, with employment types broken down into 100% Full Time. Highlights a 75% In-person and 25% Hybrid job distribution, with an average salary of $101,608 per year, or $48.9 per hour.
Cyber Network Defense Analyst (CNDA) IV - Cloud Forensics

Argo Cyber Systems

Arlington, VA • On-site

$130K - $160K/yr

Full-time

Posted 24 days ago


Job description

Cyber Network Defense Analyst (CNDA) - Cloud Forensics
Location: Remote / Onsite (as required)
Clearance: Active TS/SCI (DHS EOD eligibility required)
Company: Argo Cyber Systems, LLC - A Service-Disabled Veteran-Owned Small Business (SDVOSB)
About Argo Cyber Systems
Argo Cyber Systems delivers advanced cybersecurity and threat-hunting capabilities to safeguard federal and critical infrastructure environments. Our teams provide rapid incident response, digital forensics, proactive hunt operations, and continuous cyber defense across host-based, network-based, and cloud-based systems. We combine mission experience with innovation, empowering our customers to detect, disrupt, and defeat adversaries in real time.
Position Overview
Argo Cyber Systems is seeking Cyber Network Defense Analysts (CNDA) with deep Cloud Forensics expertise to support a high-visibility federal mission. The CNDA will lead advanced investigations into sophisticated intrusions across hybrid and multi-cloud environments, identifying attacker tactics, techniques, and procedures (TTPs), correlating artifacts, and driving containment and remediation actions in partnership with government cyber teams.
Key Responsibilities
  • Conduct end-to-end forensic acquisition and analysis across on-premises, cloud, and hybrid environments (Azure AD/Entra ID, M365, AWS, GCP, SaaS).
  • Investigate identity-based and credential-abuse incidents targeting cloud control planes and hybrid identity infrastructure.
  • Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs).
  • Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
  • Produce comprehensive technical and executive-level reports, integrating findings across endpoints, networks, and cloud assets to inform threat containment and strategic recommendations.
  • Support continuous improvement of incident response procedures, forensics workflows, and threat-hunting operations.
  • Collaborate with Argo and government stakeholders to triage alerts, assess risk, and strengthen enterprise detection and response posture.
Required Qualifications
  • U.S. Citizenship and active TS/SCI clearance (with ability to obtain DHS EOD Suitability).
  • Minimum 8 years of hands-on experience conducting digital forensics and incident response (DFIR).
  • Proven expertise in cloud forensics, identity security, and hybrid infrastructure defense.
  • Proficiency in M365/Azure AD, AWS IAM, and SaaS investigative methodologies.
  • Deep understanding of SaaS/PaaS/IaaS architectures, including common attack vectors and defensive measures.
  • Skilled in evidence acquisition, volatile data capture, artifact analysis, and technical reporting.
Desired Qualifications
  • Scripting and automation proficiency in PowerShell, Python, Bash, or JavaScript.
  • Familiarity with Terraform, Kubernetes, Docker, CloudFormation, or Azure Resource Manager for automation and orchestration.
  • Understanding of MITRE ATT&CK for Cloud and adversary emulation techniques.
  • Strong communication and collaboration skills for working across multidisciplinary teams.
Education
  • Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field
    or
  • High School Diploma and 10+ years of directly relevant DFIR experience.
Preferred Certifications
  • GIAC Cloud Defender (GCLD), GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP
  • AWS and Microsoft security/cloud certifications (e.g., Azure Security Engineer, AWS Security Specialty)
Why Argo Cyber Systems
At Argo, you'll be part of a mission-driven, veteran-founded cybersecurity team protecting America's most critical systems. We combine hands-on technical excellence with operational precision to outpace the threat. Join us to defend, detect, and innovate at the cyber edge.