Cyber Cloud Forensic Analyst (CFA) SME

Gray Tier Technologies, LLC

Arlington (VA)

On-site

USD 80,000 - 130,000

Full time

12 days ago

Job summary

An established industry player is seeking a highly motivated Cyber Cloud Forensic Analyst to join their team supporting the Department of Homeland Security. This role provides a unique opportunity to engage in critical cyber forensic investigations, ensuring the security of the nation's cyber infrastructure. With a focus on cloud forensics, candidates will develop skills in incident response and digital evidence collection. This position offers a supportive environment for career growth and training, making it ideal for those passionate about cybersecurity and eager to make a significant impact in the field.

Qualifications

  • 8+ years of experience in cyber forensic investigations.
  • Bachelor's degree in Computer Science or related fields.

Responsibilities

  • Acquire and collect computer artifacts during onsite engagements.
  • Analyze forensic images and evidence for reports.
  • Coordinate with government personnel to validate findings.

Skills

Cyber Forensic Investigations
Cloud Security
Linux/Unix Proficiency
Windows Operating Systems
Incident Response
Digital Evidence Collection
Proactive Analysis Techniques
SaaS/PaaS/IaaS Understanding

Education

Bachelor’s degree in Computer Science
Certifications (GCFA, GCIH, CISSP)

Tools

PowerShell
Bash
Python
Azure

Job description

Gray Tier Technologies is seeking highly motivated Network Forensics or Cloud Security Engineers for a Cloud Forensics Analyst (CFA) SME position supporting the Department of Homeland Security (DHS) Hunt and Incident Response Team (HIRT). This team secures the nation’s cyber infrastructure and responds to cyber incidents with proactive hunting and rapid incident response using advanced cybersecurity analysis capabilities.

This role offers opportunities for training and career growth in cloud forensics, with the potential to develop skills in digital forensics, incident response, and cloud security. Candidates with a cyber aptitude, a desire to learn, and a strong work ethic are encouraged to apply, regardless of specific certifications or education at the outset.

Responsibilities

  1. Acquire and collect computer artifacts (malware, user activity, link files) during onsite engagements.
  2. Triage electronic devices and assess evidentiary value.
  3. Correlate forensic findings with network events to develop intrusion narratives.
  4. Document system states (e.g., processes, network connections) prior to imaging.
  5. Perform forensic triage to determine scope, urgency, and impact.
  6. Track and document analysis from start to resolution.
  7. Collect, analyze, preserve, and present digital evidence.
  8. Coordinate with government and customer personnel to validate alerts and findings.
  9. Analyze forensic images and evidence for reports and documentation.
  10. Assist in documenting and publishing cybersecurity guidance and reports.

Required Skills and Clearances

  • U.S. Citizenship and active TS/SCI clearance.
  • Ability to obtain DHS Entry on Duty (EOD) suitability.
  • 8+ years of relevant experience in cyber forensic investigations with industry-standard tools.
  • Deep understanding of SaaS, PaaS, IaaS in cloud environments.
  • Experience creating forensically sound evidence duplicates and writing investigative reports.
  • Proficiency in analyzing cyber attacks and maintaining chain of custody procedures.
  • Knowledge of attack classes, system vulnerabilities, and proactive analysis techniques.
  • Proficiency with Linux/Unix and Windows operating systems.

Desired Skills

  • Knowledge of M365/Azure authentication strategies and threat actor targeting methods.
  • Experience with IT operations, including networking, virtualization, security, and data management.
  • Experience in digital evidence collection from onsite and cloud platforms.
  • Understanding of APIs, PowerShell, Bash, Python, and automation scripting.
  • Ability to develop tools and configurations in Azure environments.
  • Understanding of Azure/M365 security and platform protection.

Education and Certifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related fields, or equivalent experience.
  • Certifications such as GCFA, GCIH, CISSP, AWS certifications, or Microsoft Azure certifications are desirable but not mandatory; training will be provided.

Additional Details

Position level: Mid-Senior, Full-time, in Arlington, VA. Industry focus: Computer and Network Security.
