Intrusion Analyst

Conduct intrusion-focused digital forensics and communicate findings for complex cyber incidents, while utilizing various forensic tools and maintaining courtroom readiness.
Who We’re Looking For (Position Overview)

We’re looking for an Intrusion Analyst to conduct intrusion-focused digital forensics across host and network evidence, reconstruct attack activity, and communicate findings that can stand up to investigative and legal scrutiny. This role is part of a digital forensics capability supporting complex cyber and computer intrusion cases. The ideal candidate is a disciplined examiner with strong technical depth, excellent documentation habits, and the ability to explain complex intrusion activity to non-expert audiences.

What Your Day-To-Day Looks Like (Position Responsibilities)

Intrusion-Focused Forensic Analysis
  • Perform host- and network-based forensic analysis across Windows, Linux, macOS, and mobile platforms.
  • Examine volatile memory, log exports, and pre-acquired datasets; identify indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs); reconstruct timelines and scope.

Tool-Driven Investigation & Automation
  • Use forensic and analysis tooling such as Magnet Axiom, X-Ways, FTK, Volatility, Splunk, ELK Stack, and open-source utilities.
  • Apply scripting/automation (Python, PowerShell, Bash) to accelerate artifact parsing and correlation.

Reporting, Testimony Readiness & Quality
  • Produce thorough documentation of findings and conclusions; communicate clearly for non-expert audiences.
  • Successfully complete a mock examination and defend the results in a practical, Government-run courtroom exercise.

Operational Support
  • Support mission needs that may drive irregular hours and location-specific requirements depending on investigative activity.

What You Need to Succeed (Minimum Requirements)

Citizenship & Clearance
  • U.S. Citizenship required.
  • Active TS clearance with SCI eligibility required.

Digital Forensics Depth
  • Demonstrated experience with intrusion-focused forensic analysis across host/network artifacts and multiple OS platforms.

Courtroom-Defensible Communication
  • Strong writing and verbal communication skills; ability to present findings clearly and defend methodologies.

Ideally, You Also Have (Preferred Qualifications)
  • Experience supporting rapid-response investigative operations that may require extended/irregular hours.
  • Experience correlating enterprise telemetry sources (security device logs, packet captures, cloud logs) to identify persistence, privilege escalation, lateral movement, and exfiltration.
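As an added example of the "artifact parsing and correlation" and "correlating enterprise telemetry" work described above (this is illustrative code written for this page, not the employer's tooling or any script from the posting), the following Python normalises two constructed log exports into one timeline and flags lateral-movement hops and a persistence artifact. It assumes a Windows event export in JSON lines with the field names shown, a short constructed /var/log/auth.log excerpt, a constructed IP-to-hostname inventory, and a fixed year for the year-less syslog timestamps; all of those are assumptions, not facts from the posting.

```python
"""Added example: parse Windows and Linux log exports into one timeline,
then flag lateral movement and persistence. All sample data is constructed."""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: Windows event export as JSON lines (assumed field names;
# Security 4624/4672 and System 7045 mixed in one export).
WINDOWS_JSONL = r"""
{"TimeCreated":"2024-03-12T10:01:10Z","EventID":4624,"Computer":"WS01","TargetUserName":"jdoe","LogonType":2,"IpAddress":"-"}
{"TimeCreated":"2024-03-12T10:04:30Z","EventID":4624,"Computer":"SRV01","TargetUserName":"jdoe","LogonType":3,"IpAddress":"10.0.1.20"}
{"TimeCreated":"2024-03-12T10:04:31Z","EventID":4672,"Computer":"SRV01","TargetUserName":"jdoe"}
{"TimeCreated":"2024-03-12T10:06:02Z","EventID":7045,"Computer":"SRV01","ServiceName":"WinUpdSvc","ImagePath":"C:\\Windows\\Temp\\u.exe"}
{"TimeCreated":"2024-03-12T10:09:45Z","EventID":4624,"Computer":"DC01","TargetUserName":"jdoe","LogonType":3,"IpAddress":"10.0.1.50"}
"""

# Constructed sample: Linux auth.log lines (sshd accepted logon, then sudo to root).
AUTH_LOG = """\
Mar 12 10:12:07 web01 sshd[2231]: Accepted password for jdoe from 10.0.1.5 port 40122 ssh2
Mar 12 10:12:09 web01 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/bash
"""

# Assumption: an asset inventory mapping source IPs to hostnames (constructed).
INVENTORY = {"10.0.1.20": "WS01", "10.0.1.50": "SRV01", "10.0.1.5": "DC01"}

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+) port")
SUDO_RE = re.compile(r"^\s*(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def parse_windows_jsonl(text):
    """Normalise exported Windows events to timeline dicts (timezone-aware UTC)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["TimeCreated"].replace("Z", "+00:00"))
        ev = {"ts": ts, "host": rec["Computer"], "user": rec.get("TargetUserName"),
              "src": rec.get("IpAddress"), "network": False, "detail": ""}
        eid = rec["EventID"]
        if eid == 4624:                      # successful logon
            ev["kind"] = "logon"
            ev["network"] = rec.get("LogonType") in (3, 10)   # network or RDP
        elif eid == 4672:                    # special privileges assigned
            ev["kind"] = "privileged_logon"
        elif eid == 7045:                    # new service installed
            ev["kind"] = "service_installed"
            ev["detail"] = f'{rec.get("ServiceName")} -> {rec.get("ImagePath")}'
        else:
            continue                         # other event IDs not needed here
        events.append(ev)
    return events


def parse_auth_log(text, year=2024):
    """Normalise sshd/sudo lines; syslog has no year, so it is an assumed parameter."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp, host, prog, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        if prog == "sshd" and (a := ACCEPTED_RE.search(msg)):
            events.append({"ts": ts, "host": host, "user": a.group(1), "src": a.group(2),
                           "kind": "logon", "network": True, "detail": ""})
        elif prog == "sudo" and (s := SUDO_RE.match(msg)):
            events.append({"ts": ts, "host": host, "user": s.group(1), "src": None,
                           "kind": "privilege_escalation", "network": False,
                           "detail": f"as {s.group(2)}: {s.group(3)}"})
    return events


def build_timeline(*event_lists):
    """Merge per-source event lists into one chronologically ordered timeline."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])


def find_lateral_movement(timeline, inventory, window=timedelta(hours=2)):
    """A network logon whose source IP maps to a host the same account was already
    logged on to within the window is reported as one lateral-movement hop."""
    hops = []
    for i, ev in enumerate(timeline):
        if ev["kind"] != "logon" or not ev["network"]:
            continue
        src_host = inventory.get(ev["src"])
        if src_host is None or src_host == ev["host"]:
            continue
        prior = [p for p in timeline[:i] if p["kind"] == "logon" and p["user"] == ev["user"]
                 and p["host"] == src_host and ev["ts"] - p["ts"] <= window]
        if prior:
            hops.append((ev["user"], src_host, ev["host"], ev["ts"]))
    return hops


def find_persistence(timeline, window=timedelta(minutes=30)):
    """Attribute each service install to the most recent logon on that host within the window."""
    found = []
    for i, ev in enumerate(timeline):
        if ev["kind"] != "service_installed":
            continue
        recent = [p for p in timeline[:i] if p["kind"] == "logon"
                  and p["host"] == ev["host"] and ev["ts"] - p["ts"] <= window]
        found.append((ev["host"], ev["detail"], recent[-1]["user"] if recent else None))
    return found


def movement_path(hops, user):
    """Order one account's hops into the host chain an examiner would report."""
    path = []
    for u, src, dst, _ in hops:
        if u == user:
            if not path or path[-1] != src:
                path.append(src)
            path.append(dst)
    return path


def analyse():
    tl = build_timeline(parse_windows_jsonl(WINDOWS_JSONL), parse_auth_log(AUTH_LOG))
    return tl, find_lateral_movement(tl, INVENTORY), find_persistence(tl)


if __name__ == "__main__":
    tl, hops, persistence = analyse()
    for e in tl:
        print(e["ts"].isoformat(), e["host"], e["kind"], e["user"], e["detail"])
    print("lateral movement:", " -> ".join(movement_path(hops, "jdoe")))
    print("persistence:", persistence)
```

The correlation deliberately requires a prior logon by the same account on the source host before calling a network logon a hop; without that check, every service-account logon from a jump host would be flagged. In a real case the inventory would come from DHCP leases or an asset database, and the windows would be tuned to the environment.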