ZipRecruiter

Log In

1

Network Forensics Jobs (NOW HIRING)

SAIC

Senior Network Engineer

Chantilly, VA · Hybrid

$106K - $145K/yr

The candidate should be a cybersecurity expert with experience in network forensics, IP address tracking, and mitigation of obscured or falsified IP address origins to ensure accurate identification ...

SAIC

Network Systems Engineer

Chantilly, VA

The candidate should have experience in network forensics, IP address tracking, and mitigation of obscured or falsified IP address origins to ensure accurate identification and enhance investigative ...

New

next page

Showing results 1-20

All JobsNetwork Forensics Jobs

Network Forensics information

See salary details

$22K

$106.6K

$162.5K

How much do network forensics jobs pay per year?

As of Jun 10, 2026, the average yearly pay for network forensics in the United States is $106,570.00, according to ZipRecruiter salary data. Most workers in this role earn between $80,500.00 and $128,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Network Forensics position, and why are they important?

To thrive in Network Forensics, you need strong analytical abilities, in-depth knowledge of networking protocols, cybersecurity concepts, and a degree in computer science or a related field. Familiarity with tools such as Wireshark, EnCase, FTK, and certifications like GCFA or CFCE is highly valuable. Attention to detail, critical thinking, and effective communication skills are essential soft qualities for this role. These skills enable professionals to accurately investigate network incidents, interpret digital evidence, and collaborate efficiently with technical and non-technical stakeholders.

What are the typical day-to-day responsibilities for someone working in Network Forensics?

Network Forensics professionals spend their days analyzing network traffic, identifying security breaches or anomalous activities, and reconstructing the timeline of events using specialized forensic tools. They often collaborate with IT security teams, law enforcement, or legal departments to gather, preserve, and report on digital evidence. Preparing detailed documentation and presenting findings clearly to both technical and non-technical audiences is also a vital part of the job. This role can involve responding to incidents in real time as well as conducting thorough post-incident investigations, making adaptability and a meticulous approach important for success.

What is a Network Forensics job?

A Network Forensics job involves analyzing network traffic to detect, investigate, and mitigate cybersecurity incidents. Professionals in this role collect and examine digital evidence to identify security breaches, malicious activities, or policy violations. They use specialized tools to track intrusions, reconstruct cyberattacks, and support legal proceedings if necessary. This role is crucial for maintaining network security, preventing data breaches, and ensuring compliance with cybersecurity regulations.

More about Network Forensics jobs
What cities are hiring for Network Forensics jobs? Cities with the most Network Forensics job openings:
What are the most commonly searched types of Network Forensics jobs? The most popular types of Network Forensics jobs are:
What states have the most Network Forensics jobs? States with the most job openings for Network Forensics jobs include:
What job categories do people searching Network Forensics jobs look for? The top searched job categories for Network Forensics jobs are:
Network Forensics jobs near you
Infographic showing various Network Forensics job openings in the United States as of June 2026, with employment types broken down into 1% Locum Tenens, 1% As Needed, and 98% Full Time. Highlights an 98% Physical, 1% Hybrid, and 1% Remote job distribution, with an average salary of $106,570 per year, or $51.2 per hour.
Cyber Forensics Analyst - TS/SCI

Cyber Forensics Analyst - TS/SCI

Beyond SOF

Arlington, VA • On-site

Full-time

Posted 23 days ago

Job description

Cyber Forensics Analysts
TS/SCI
Client seeking Cyber Forensics Analysts to support the DHS Hunt and Incident Response Team (HIRT). This team secures the Nation's cyber and communications infrastructure while providing front line response for cyber incidents and hunting for malicious cyber activity. The client, as a prime contractor to DHS, performs HIRT investigations to develop a diagnosis of the severity of breaches. Contract personnel provide front line response for digital forensics/incident response and proactively hunting for malicious cyber activity for this critical customer mission.
Responsibilities:
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
- Collects network intrusion artifacts (e.g., PCAP, domains, URI's, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
- Collects network device integrity data and analyze for signs of tampering or compromise
- Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
- Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer related evidence
- Serving as technical forensics liaison to stakeholders and explaining investigation details
Required Skills:
- U.S. Citizenship
- Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability
- 8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools
- Experience with reconstructing a malicious attack or activity
- Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
- Ability to create forensically sound duplicates of evidence (forensic images)
- Able to write cyber investigative reports documenting forensics findings
- In depth knowledge and experience of:
• identifying different classes and characterization of attacks and attack stages
• CND policies, procedures and regulations
• proactive analysis of systems and networks, to include creating trust levels of critical resources
• system and application security threats and vulnerabilities
• of network topologies, Wi-Fi Networking, and TCP/IP protocols
• Splunk (or other SIEMs)
• Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame
• MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations.
Desired Skills:
- Experience and proficiency with the following tools and techniques:
• EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort
• EDR Tools: Crowdstrike, Carbon Black, Etc
• Carving and extracting information from PCAP data
• Non-traditional network traffic: Command and Control
• Preserving evidence integrity according to national standards
• Designing cyber security systems and environments in a Linux environment
• Virtualized environments
• Conducting all-source research
Required Education:
8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience
Desired Certifications:
- GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Apply