Senior DFIR Analyst

DHRM

Chesterfield, Virginia

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Autopsy, Campaigns, Centralized Operations/Management, Cloud Computing, Computer Forensics, Computer Security, Continuous Improvement, Customer Relations, Data Collection, Documentation, EnCase, Enterprise Protection, Forensic Science, Government Requirements, Hardware Virtualization, Hunting, Incident Response, Industry Standards, Information Technology & Information Systems, Internet Security, Law Enforcement, Leadership, Legal Documents, Linux Operating System, Malware Analysis, Memory Hardware, Mentoring, Microsoft Active Directory, Microsoft Excel, Microsoft Office, Microsoft Outlook, Microsoft PowerPoint, Microsoft Product Family, Microsoft Windows Azure, Microsoft Windows Operating System, Microsoft Word, Operations, Operations Management, Peace Corps, Ransomware, Regulations, Regulatory Requirements, Reporting Skills, Reverse Engineering, Risk Management, Security Analysis, Security Attacks, Security Monitoring, Splunk, State Laws and Regulations, Technical Leadership, Telemetry, Time Management
POSTED
6 days ago

Title: Senior DFIR Analyst

State Role Title: Info Technology Specialist III

Hiring Range: $120,000 - $140,000

Pay Band: 6

Agency: VA Information Tech Agency

Location: VA Information Technologies

Agency Website: https://www.vita.virginia.gov/

Recruitment Type: General Public - G

Job Duties

The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a Senior DFIR Analyst with the Commonwealth Security Risk Management Division.

The purpose of this position is to oversee and manage the daily operations of the Commonwealth of Virginia’s security incident response function within the Virginia Information Technologies Agency (VITA).

The position is responsible for supervising the collection, analysis, and classification of cybersecurity incidents, and for coordinating timely and effective statewide responses to security threats.

This role ensures that incidents are properly triaged, investigated, documented, and communicated in accordance with Commonwealth security policies, standards, and statutory requirements.

The position serves as a primary coordination point between internal VITA security teams, external security organizations, state agencies, and law enforcement entities. It monitors emerging threats, assesses potential impacts to Commonwealth systems, and recommends appropriate mitigation or response actions.

The role also manages the Commonwealth’s computer forensics laboratory and ensures investigative activities are conducted in a secure, authorized, and properly documented manner.

Key responsibilities include collecting and evaluating all computer security incident information; responding to cybersecurity events within the established jurisdiction; assisting agency incident response teams as needed; and ensuring investigations are routed appropriately.

The position also leads efforts in threat tracking, vulnerability monitoring, and security advisory development. It is responsible for disseminating advisories to agencies, gathering agency feedback, and using that input to enhance incident response capabilities, products, and services.

Additionally, the position fulfills multiple liaison functions, serving as a security response liaison across state agencies, with external directorates, with law enforcement partners, and with the Centralized Operations Center.

The role evaluates and reports on Commonwealth threat data and contributes to continuous improvement of the statewide cybersecurity posture through analysis, communication, and interagency coordination.

Join VITA at The Boulders in Richmond, VA, where innovation meets impact! As the Commonwealth’s leading IT agency, we’re connecting, protecting, innovating, and powering Virginia’s digital future through collaboration, creativity, and purpose. Our team thrives in a vibrant, customer-focused environment that values growth, accountability, and forward thinking — all while making technology work for every corner of Virginia.

Minimum Qualifications

Considerable experience performing digital forensics (endpoint, server, cloud, and mobile) including evidence acquisition, preservation, and analysis following defensible forensic methodologies.

Considerable experience analyzing host-based and network-based artifacts (Windows, Linux, memory dumps, disk images, logs, registry data, packet captures, cloud telemetry).

Considerable knowledge of cybersecurity incident response—including triage, scoping, containment, eradication, and recovery—paired with the ability to perform static and behavioral malware analysis to interpret indicators and support effective threat attribution and response.

Considerable knowledge of industry standard DFIR tools (e.g., EnCase, FTK, Cellebrite, Volatility, Autopsy, KAPE, ELK/Splunk, EDR platforms).

Considerable knowledge of adversary TTPs and familiarity with frameworks such as MITRE ATT&CK, threat intelligence consumption, and correlation.

Experience leading or supporting complex investigations involving data exfiltration, insider threats, privilege escalation, ransomware, or advanced persistent threats (APTs).

Knowledge of enterprise scale IT environments, including Active Directory, virtualization, cloud platforms, and common enterprise security controls.

Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).

Experience working with internal and external stakeholders and producing high-quality written reports, executive summaries, and defensible forensic documentation suitable for legal or regulatory review.

Experience with interpretation and application of federal and state laws, regulations, standards, and policies.

Additional Considerations

Advanced digital forensics or threat hunting expertise, including deep experience with memory forensics, reverse engineering, development of detection logic and analysis of sophisticated threat actor tradecraft.

Proficiency conducting investigations in cloud environments (Azure, AWS, M365) including log acquisition, identity related forensics, and cloud native threat hunting.

Experience leading incident response engagements involving advanced persistent threats (APTs), zero-day exploitation, or multistage intrusion campaigns.

Knowledge of regulatory, audit, and evidentiary requirements relevant to government environments, including defensible documentation practices.

Demonstrated ability to mentor junior analysts, guide agency ISOs during active incidents, and advise leadership with clear technical recommendations as part of a SOC environment, MSSP or large-scale managed detection and response program.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

This position is eligible for one (1) day telework.

Applicants must consent to a fingerprint background check.

The Commonwealth of Virginia welcomes all applicants authorized to work in the United States. Sponsorship is not provided; therefore, applicants must be a citizen or national of the U.S., a Lawful Permanent Resident, or an alien authorized to work.

State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, cover letters, etc. in any other format. Please refer to “Your Application” in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.

Reasonable accommodations are available to persons with disabilities during the application and/or interview processes per the Americans with Disabilities Act.

VITA is a “Virginia Values Veterans” (V3) official certified state agency that provides hiring preference to Veterans and Members of the Virginia National Guard in support of Executive Order 29 (2010). If you are a Veteran or Virginia National Guard Member, we encourage you to apply and receive preference in the hiring process. AmeriCorps, Peace Corps and other national service alumni are also encouraged to apply.

Contact Information

Name: VITA Human Resources

Phone: Recruitment@vita.virginia.gov

Email: Recruitment@vita.virginia.gov

 

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. To request an AHP Letter, see AHP Letter or call DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 and February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
