Insider Threat / Cyber Forensics Analyst

Leidos

Virginia, Ashburn (MN, VA)

On-site

USD 80,000 - 130,000

Full time

30+ days ago

Job summary

An established industry player is seeking a skilled Insider Threat/Cyber Forensics Analyst to join their dynamic digital forensics team. In this pivotal role, you will conduct in-depth cyber forensic investigations and insider threat analysis to ensure the security of critical systems. You will utilize advanced forensic tools and develop scripts to enhance investigations while maintaining evidence custody. This position offers the opportunity to work in a mission-driven environment, where your expertise will contribute to safeguarding vital assets and networks. If you are passionate about cybersecurity and thrive under pressure, this is the perfect opportunity for you.

Qualifications

  • 12–15 years of experience in digital forensics and insider threat analysis.
  • Active Top Secret clearance with SCI eligibility required.

Responsibilities

  • Lead cyber forensic investigations and insider threat analysis.
  • Manage tools, processes, and evidence custody for security.

Skills

Digital Forensics
Insider Threat Analysis
Problem-Solving
Communication Skills
Attention to Detail

Education

Bachelor's Degree

Tools

FTK
EnCase
Python
Bash
Visual Basic
PowerShell

Job description

Description

Leidos thrives on innovation, fueled by the passion and expertise of our talented and diverse teams. We’re committed to customer success, empowering our people, supporting communities, and promoting sustainability. Guided by our Mission, Vision, and Values, we always strive to do the right thing.

We are seeking an Insider Threat/Cyber Forensics Analyst to join our high-performing digital forensics team supporting the Customs and Border Patrol (CBP) Security Operations Center (SOC). The CBP SOC ensures the security of the CBP’s enterprise-wide systems by investigating, mitigating, and reporting suspected or confirmed security incidents.

Your Role: As part of this technical team, you will lead in-depth cyber forensic investigations, insider threat analysis, root cause assessments, and data spillage investigations. You will also manage tools, processes, and evidence custody to safeguard customer systems, networks, and assets. Responsibilities include:

  • Conducting digital forensic investigations, threat analysis, and reporting findings in forensically sound formats.
  • Analyzing system endpoints (Windows, Linux, Mac, mobile, cloud) and network-based data.
  • Supporting enterprise recovery efforts and ensuring incidents are properly remediated.
  • Utilizing advanced forensic tools (e.g., FTK, EnCase) for malware analysis and memory forensics.
  • Developing scripts, security content, and tools to enhance investigations.
  • Maintaining forensic lab software and hardware.

Required Skills and Qualifications:

  • Bachelor’s degree with 12–15 years of relevant experience in digital forensics and insider threat analysis.
  • Strong communication and problem-solving abilities under pressure.
  • Experience creating forensically sound reports and conducting in-depth investigations.
  • Effective communication skills with an emphasis on attention to detail: the ability to accurately capture and document technical remediation details, and to brief stakeholders on incident status, recovery, and root causes.
  • Ability to produce forensically sound cyber analysis reports that detail the analysis procedures, findings, and recommendations from incident investigations.
  • Active Top Secret clearance with SCI eligibility.

Preferred Skills:

  • Knowledge of Cyber Kill Chain, MITRE ATT&CK, and advanced detection methods.
  • Experience scripting in Python, Bash, Visual Basic, or PowerShell.
  • Previous experience in Federal, DoD, or law enforcement environments.

Required Certifications (at least one): GCIH, GCFA, GCFE, GREM, CISSP, CHFI, OSCP, or related certifications.

If you’re ready to thrive in a mission-driven environment and contribute to securing critical systems, we’d love to have you join our team!