Digital Forensics Incident Response Analyst with Security Clearance

MartinFed

Alabama

On-site

USD 80,000 - 120,000

Full time

6 days ago

Job summary

An established industry player is seeking a Digital Forensics Incident Response Analyst to join their team. This role involves leading investigations into cyber incidents, conducting thorough analyses using advanced forensic tools, and collaborating with various organizations to enhance cybersecurity measures. The ideal candidate will have a strong background in digital forensics, incident response, and a passion for tackling emerging threats. If you are driven by curiosity and the pursuit of excellence in the field of cybersecurity, this opportunity could be the perfect fit for you. Join a team that values continuous improvement and invests in its people!

Qualifications

  • 7-9 years of experience in Information Security with a focus on Digital Forensics.
  • US Citizen with a DoD Secret Clearance required for this role.
  • Strong experience in technical writing and incident response reporting.

Responsibilities

  • Lead real-time and historical analysis using security analytics tools.
  • Conduct memory analysis and malware analysis for incident response.
  • Collaborate with NASA organizations for significant cyber incident responses.

Skills

Digital Forensics
Incident Response
Malware Analysis
Scripting (Python, PowerShell, Bash)
Unix/Linux Administration
Windows System Administration
Technical Writing
Cybersecurity Intelligence
Network Analysis
Cloud Investigations (AWS, Azure)

Education

Bachelor's Degree in Computer Science
Master's Degree in Computer Science

Tools

AXIOM
FTK
Arsenal Recon
Ghidra
Volatility

Job description

Digital Forensics Incident Response Analyst with Security Clearance

Employer: MartinFed

Location: Houston

Salary: Competitive

Closing date: 8 May 2025

Sector: IT

Job Role: Digital Forensics

Job Type: Permanent

Company Overview

Founded in 2007 in Huntsville, AL, MartinFed provides the U.S. government with customer–focused, performance–based solutions using technology and an empowered workforce as an engine to drive its customers' missions. Our goal is to attract the best and brightest within their field. We invest in our people because they are our greatest asset. We cultivate our purpose, embody and reflect our core values, and define our culture. Our core values are:

  • Be Driven: We are fueled by the hunger to learn more and do more.
  • Be Curious: We engage in continuous improvement – never accepting the status quo.
  • Be Humble: We seek honest feedback to strengthen our relationships.
  • Pursue Excellence: We strive to achieve extraordinary results and do not settle for mediocrity.

Strive for excellence and consider joining our growing team today!

Job Overview

The Digital Forensics Incident Response Analyst provides identification, collection, examination, and analysis of data in support of incident response activities. Responsibilities include investigating policy violations, incident reconstruction, and malware analysis to support internal incident response, counterintelligence, and law enforcement activities.

Essential Functions

  1. Lead and conduct real–time and historical analysis using security analytics tools and digital forensics tool suites.
  2. Perform initial incident triage, forensic imaging, host and network analysis.
  3. Determine attacker activity on known compromised systems (intrusion vector, privilege escalation, lateral movement, malware deployment, exfiltration, etc.).
  4. Discover, characterize, and assess anomalous network and platform activity on various information systems and networks.
  5. Conduct memory analysis to recover crucial case artifacts.
  6. Engage in static and dynamic malware analysis to determine its functionality.
  7. Research and leverage cybersecurity intelligence sources to improve incident detection and response capabilities.
  8. Develop, manage, and maintain a forensic laboratory, including hardware and software.
  9. Collaborate with other NASA organizations to support service activities.
  10. Assist the Government with oversight and coordination for NASA's response to significant cyber incidents.
  11. Produce and present analytics, case reviews, and incident reports to the NASA community and leadership.
  12. Provide post-incident recommendations to enhance cybersecurity posture.
  13. Develop and maintain SOPs for data collection, forensic examination, reporting, and investigations.

Qualifications

  • US Citizen with a DoD Secret Clearance.
  • Bachelor's Degree in Computer Science or related field.
  • 7–9 years of progressive experience in Information Security.
  • At least 3 years' experience in DFIR, SOC, or LEO DF Unit.
  • At least 2 years' experience in technical writing and incident response reporting.
  • Intermediate industry-recognized certification (GCIH/GCFE/GCFA/GNFA/GREM/CFCE/CAWFE/EnCE/CCE).
  • Strong experience with Unix/Linux and Windows system administration.
  • Experience analyzing logs from endpoints, network devices, and authentication services.
  • Experience with forensic tools (AXIOM, FTK, Arsenal Recon, Zimmerman Tools, X–Ways, Ghidra, IDA, Volatility, etc.).
  • Knowledge of host-based forensic artifacts across operating systems.
  • Understanding of network architecture and protocols, and how threat actors abuse them.
  • Experience with cloud investigations (AWS, Azure).
  • Experience with static/dynamic malware analysis.
  • Strong scripting skills (Python, PowerShell, Bash).
  • Knowledge of incident response methodologies and emerging threats.
  • Excellent communication skills.

Desired Qualifications

  • Master's Degree in Computer Science or related field.
  • Deep knowledge of Windows, Mac OS-X, Linux OS and file systems.
  • Experience with Windows memory forensics.
  • Experience analyzing raw packet captures.

Physical and Environmental Conditions

Work is performed in an office environment, sitting at a desk, on-site at NASA Johnson Space Center, involving long periods of computer use and occasional travel. The environment may involve tight deadlines.
