Cyber Defense Forensics Analyst

Cyber Defense Forensics Analyst

Job Category: Security
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Continental US

CCI is seeking a meticulous and experienced Cyber Defense Forensics Analyst to join our specialized team supporting the U.S. Strategic Command (USSTRATCOM) Cybersecurity Service Provider (CSSP). This role aligns with the DoD 8140 Cyber Workforce Framework for Cyber Defense Forensics Analyst (ID: 212) at the Advanced level. The successful candidate will conduct digital forensic examinations, support cyber incident response, investigations, and threat analysis. Responsibilities include evidence acquisition, forensic analysis, malware forensics, data recovery, and reporting. This position requires the ability to work rotating shifts for 24/7 mission support.

The Opportunity:

Join a CACI team where the mission is critical and the culture is paramount. We foster a positive, collaborative, and engaging environment focused on success and growth. Our leadership is committed to:

• Culture: Creating an engaging workplace through gamified cyber concepts, team contests, lunch-and-learn sessions, participation in youth cyber programs, and opportunities to attend industry conventions like DEFCON and BSIDES.
• Training: Promoting lifelong learning with robust training programs aligned with career goals and DoD requirements, including mentorship and resources for mastering forensic techniques and tools.
• Talent Management: Investing in your future with personalized development plans, cross-training, and exploring different roles within CACI to keep you challenged and engaged.

This role offers more than just a job; it’s an opportunity to apply your forensic skills to national security investigations while growing professionally in a supportive environment.

Responsibilities:

• Digital Evidence Acquisition & Preservation: Perform sound collection, imaging, and preservation of digital evidence from various media following strict procedures and legal guidelines.
• Forensic Examination & Analysis: Conduct analysis of file systems, OS, memory dumps, network traffic, and logs to identify intrusion artifacts, malware, and evidence of compromise. Perform timeline, signature, and hash analysis.
• Data Recovery & Carving: Use tools like Foremost and FTK to recover deleted files and artifacts.
• Malware Forensics: Analyze malware samples to understand behavior, indicators, and obfuscation techniques.
• Tool Proficiency: Use forensic tools such as EnCase, FTK, Sleuth Kit, Volatility, HexEdit, Wireshark.
• Reporting & Documentation: Prepare detailed forensic reports, document steps, and ensure compliance with timelines and standards.
• Collaboration & Support: Provide expertise to incident responders and stakeholders, and work with partners to enhance security.
• Security Enhancement & Tuning: Recommend improvements based on findings.
• Threat Hunting: Proactively search for malicious activity using forensic insights.
• Research & Development: Keep current with forensic methodologies, malware trends, and legal considerations.
• Additional Duties: Support mission requirements, potentially providing guidance or training to others.

Qualifications:

• Must possess one of the following certifications: GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), or EnCase Certified Examiner (EnCE).
• Bachelor’s degree in IT, Cybersecurity, Computer Science, or related field.
• At least 5 years of relevant experience, preferably in SOC, CSSP, or forensic labs.
• Deep knowledge of OS internals, file systems, network protocols, and forensic methodologies.
• Proficiency with forensic tools and malware analysis techniques.
• Excellent analytical, problem-solving, and communication skills.
• Willingness to work rotating shifts and hold an active or eligible TS/SCI clearance.

________________________________________________________________________________________

What You Can Expect:

A culture of integrity. At CACI, we prioritize character and innovation, supporting our team’s success and national security missions.

An environment of trust. We value diverse contributions, offer flexible time off, and access to learning resources.

Continuous growth. We aim to advance your career, build on our success, and break new ground together.

Your potential is limitless. So is ours.

Learn more about CACI here.

________________________________________________________________________________________

Pay Range: The salary for this position ranges from $65,000 to $136,500, influenced by location, experience, skills, and other factors. We offer comprehensive benefits including healthcare, wellness, retirement, education, and time off. Learn more here.

CCI is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, veteran status, or other protected characteristics.