Digital Forensics Engineer Jobs (NOW HIRING)

Digital Forensics Engineer Position Title: Digital Forensics Engineer
Program: SBA Enterprise Cybersecurity Services (ECS)Position SummaryThe Digital Forensics Engineer supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by providing advanced digital forensics, incident response, cyber investigation, evidence preservation, malware analysis, and e-discovery support services. 
The Digital Forensics Engineer conducts complex forensic examinations involving workstations, servers, cloud platforms, mobile devices, email systems, network traffic, and enterprise applications in support of cybersecurity investigations, incident response activities, insider threat investigations, legal support actions, and enterprise cyber defense operations. The role supports 24x7x365 Security Operations Center (SOC) functions and coordinates closely with federal stakeholders, incident responders, threat hunters, legal teams, privacy personnel, and law enforcement partners.Essential Duties and Responsibilities

• Perform advanced digital forensic analysis and investigations in support of SBA ECS cybersecurity operations requirements.
• Support Task Areas 3.5.3 and 3.5.3.6 by conducting forensic examinations related to cybersecurity incidents, insider threats, malware infections, unauthorized access, and data exfiltration.
• Collect, preserve, analyze, and document digital evidence in accordance with federal forensic standards and chain-of-custody procedures.
• Perform host-based, network-based, cloud-based, and mobile device forensic investigations across enterprise environments.
• Conduct forensic acquisition and analysis of Windows, Linux, macOS, cloud, virtualized, and hybrid systems.
• Analyze endpoint telemetry, security logs, network packet captures (PCAP), SIEM data, and forensic artifacts to identify indicators of compromise (IOCs) and adversary activity.
• Support incident response activities by reconstructing attack timelines, determining root cause, identifying attack vectors, and assessing operational impact.
• Perform malware analysis and reverse engineering support activities to identify malicious behaviors, persistence mechanisms, and command-and-control communications.
• Support e-discovery operations including collection, indexing, preservation, processing, and review of electronically stored information (ESI).
• Conduct forensic examinations supporting legal, Inspector General (IG), Human Resources (HR), insider threat, privacy, and law enforcement investigations.
• Utilize forensic and cyber defense tools including EnCase, FTK, Velociraptor, Wireshark, Volatility, Splunk, Microsoft Defender, Sentinel, and endpoint detection and response (EDR) platforms.
• Perform memory analysis, disk analysis, registry analysis, browser artifact analysis, and log correlation activities.
• Develop forensic reports, technical findings, evidentiary documentation, executive briefings, and remediation recommendations.
• Maintain detailed forensic documentation, evidence handling procedures, and chain-of-custody records.
• Support cybersecurity monitoring, detection, containment, eradication, and recovery activities within the SOC environment.
• Coordinate with SOC analysts, incident responders, threat hunters, engineers, and federal stakeholders during cyber investigations and breach response activities.
• Support continuous improvement of forensic methodologies, investigative procedures, and cybersecurity operational capabilities.
• Assist with the development and maintenance of digital forensic playbooks, standard operating procedures (SOPs), and incident handling guidance aligned with NIST SP 800-61 and NIST SP 800-86.
• Research emerging cyber threats, adversary tactics, techniques, and procedures (TTPs), and evolving forensic technologies.
• Support federal cybersecurity compliance requirements, reporting activities, and operational readiness initiatives.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Digital Forensics, Information Assurance, Information Technology, or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 8 years of experience supporting digital forensics, cyber investigations, incident response, cybersecurity operations, or Security Operations Center (SOC) environments.
• Hands-on experience conducting enterprise-level forensic investigations and evidence analysis.
• Experience with forensic acquisition and analysis tools including EnCase, FTK, X-Ways, Velociraptor, Volatility, or equivalent technologies.
• Experience analyzing Windows, Linux, cloud, mobile, and network forensic artifacts.
• Knowledge of incident response methodologies, MITRE ATT&CK framework, cyber kill chain concepts, and adversary TTP analysis.
• Experience supporting legal hold, e-discovery, insider threat, and regulatory investigation activities.
• Experience with SIEM, EDR, IDS/IPS, packet analysis, and security monitoring technologies.
• Strong understanding of NIST cybersecurity standards including NIST SP 800-61 and NIST SP 800-86.
• Ability to prepare technical forensic reports and present investigative findings to technical and executive stakeholders.
• Strong analytical, investigative, communication, and technical documentation skills.

Preferred Certifications

• GIAC Certified Forensic Analyst (GCFA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Certified Incident Handler (GCIH)
• EnCase Certified Examiner (EnCE)
• Certified Computer Examiner (CCE)
• Certified Ethical Hacker (CEH)
• CompTIA CySA+
• CompTIA Security+
• Certified Information Systems Security Professional (CISSP)

Powered by JazzHR

6HY6JyRiD8