Digital Forensics and Incident Analyst
Agile Defense · Washington, DC
Apply & track with Apply EdgeAbout Agile Defense At Agile Defense we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next. Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests.DescriptionThe Digital Forensics & Incident Analyst supports the Threat Analysis & Investigations (TA&I) function, analyzing digital evidence and investigating computer security incidents to derive information that supports system and network vulnerability mitigation. The analyst provides Tier 2 and Tier 3 support to the enterprise Security Operations Center (SOC) and coordinates with partner/enterprise security operations centers as required for incident response and advanced analysis. Aligned to the NICE Framework, the role identifies, collects, examines, and preserves digital evidence using controlled and documented analytical and investigative techniques in support of authorized requesting authorities — including oversight bodies, legal and general counsel offices, professional-responsibility offices, FOIA requests, and law enforcement partners. The analyst conducts digital analysis in response to investigations of computer-based crimes and cyber-intrusion incidents, leveraging enterprise forensic and live-monitoring tools while rigorously maintaining chain of custody. Incoming requests are logged into a case management application, and the analyst performs the analytical function supporting the appropriate authorities.Essential FunctionsAnalyze log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion. (T0027)Confirm what is known about an intrusion and discover new information via dynamic analysis. (T0036)Provide technical summaries of findings in accordance with established reporting procedures, and deliver written analysis reports to requesting customers. (T0075)Examine recovered data for information relevant to the matter at hand. (T0103)Perform file signature analysis (T0167) and file system forensic analysis across implementations such as NTFS, FAT, and EXT. (T0286)Collect and analyze intrusion artifacts (e.g., source code, malware, system configuration) and use discovered data to enable mitigation of potential cyber defense incidents. (T0432)Conduct malware analysis in the event of a compromise, identify obfuscation techniques, and interpret debugging results to ascertain adversary tactics, techniques, and proceduresDetermine the extent of threats and recommend courses of action or countermeasures to mitigate risk; analyze crises to ensure public, personal, and resource protectionIdentify data concealment methods (e.g., encryption algorithms, steganography) and conduct memory dumps to extract informationConduct security event analysis and correlation using enterprise tooling, and apply network security architecture concepts (topology, protocols, components, defense-in-depth) to forensic analysisDetermine physical computer components and architectures, conduct physical disassembly of systems, and identify/modify/manipulate system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files)Apply system administration, network, and operating-system hardening techniques, and use virtual machines (e.g., Hyper-V, VMware vSphere, Citrix Xen, Amazon EC2) in the course of analysisConduct hashing for chain-of-custody and validation (e.g., SHA, MD5) and preserve evidence integrity according to standard operating procedures or national standardsSupport the full evidence lifecycle — collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody — and interpret insider-threat investigations, reporting, tools, and applicable laws/regulationsProvide legal governance related to admissibility (e.g., Rules of Evidence) and advise on applicable laws and statutes (e.g., Titles 10, 18, 32, and 50, U.S. Code), Presidential Directives, and executive/administrative/criminal guidelinesProvide risk-management recommendations and apply knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacySupport forensic application updates and replacements as technology changes; develop workflow diagrams and requirements for continued case management application growth; and support contingency and recovery planning for enterprise forensic and case management applicationsSupport solution evaluation and piloting — identify key technology components, review and update the System Design Document, assist the ISSO with assessment and authorization (A&A) functions to establish Authority to Test, pilot components to a limited user community, and deliver findings and recommendations to the TA&I Program Manager and staff for reviewQualificationsU.S. citizenship and an active Top Secret (TS) security clearanceBachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Systems, or a related field (additional experience may substitute for degree)7 years of hands-on digital forensics and incident response (DFIR) experience, ideally in federal or otherwise regulated environmentsRequired certifications: CFIA and CFIH.Demonstrated expertise with industry-standard forensic and analysis tools (e.g., EnCase, FTK, Autopsy/The Sleuth Kit, X-Ways, Volatility, Wireshark, YARA, and malware reverse-engineering tools such as Ghidra or IDA Pro)Strong command of Windows, Unix, and Linux internals; file systems (NTFS, FAT, EXT); virtualization; and SIEM/event-correlation platformsWorking knowledge of the NICE Framework, NIST guidance, MITRE ATT&CK, chain-of-custody standards, and Rules of EvidenceExcellent technical writing and the ability to present findings clearly to legal, oversight, and investigative authoritiesOur Core Values Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are. Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.Honest - Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.Humble - Be Grounded. Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.Hungry - Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.Hustle - Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success. Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesWe may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.