The Digital Forensics Analyst performs a variety of highly technical analyses and procedures dealing with the collection, processing, preservation, analysis, and presentation of computer-related evidence, and is responsible for disseminating and reporting cyber-related activities, conducting vulnerability analyses and risk management of computer systems and recovering information from computers and data storage devices.
- Will be required to recover information from computers and data storage devices, often working alongside technical security Technicians, Security, Counterintelligence and law enforcement officers, helping to solve security issues or find electronic evidence.
- May be required to recover data, such as documents, photos, and e-mails, that have been deleted, damaged or otherwise manipulated, from computer hard drives and other data storage devices, such as zip and flash drives.
- Examine computers to find evidence of illegal activity.
- Use expertise in a corporate setting to protect computers from infiltration, determine how a computer was broken into or recover lost files.
- Use forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files, and hunt for files and information that may have been hidden, deleted or lost.
- Assist officials, analyze data and evaluate its relevance to the service request.
- Transfer the evidence into a format that can be used for legal purposes.
- Provide network security services for the customer to protect against and identify outside threats.
- Perform a full spectrum forensic analysis across multiple types of computer and network devices, Windows/Linux hosts, mobile devices, virtual machines, software, and hardware.
There are no supervisory responsibilities.
Education and/or Experience:
- A bachelor's degree in cyber/digital forensics, computer engineering, computer science, or other closely related IT discipline.
- Equivalent work of eight (8) years of demonstrated experience may be considered on a case-by-case basis.
- Demonstrated experience using EnCase and Open Source methods and tools to perform Computer Forensic Investigations.
- Minimum five (5) years of progressively responsible experience performing forensic investigations, malware reverse engineering, and cyber security incident response, with a minimum of three (3) years of experience specifically conducting cyber forensic investigations.
- Must meet and maintain Special Access Program (SAP) and Sensitive Compartmented Information (SCI) eligibility.
- Must be certified Information Assurance Technician (IAT) Level 1 IAW DoD Directive 8570.01M within 12 months of hire.
Knowledge, Skills, and Abilities:
- The candidate is expected to stay up-to-date with industry forensics best practices and industry-accepted forensic methodologies, in addition to being responsible for the overall quality control of forensic investigations and related case reporting.
Certificates, Licenses, Registrations:
- As required by the contract, must possess appropriate level clearance (Q and TS clearance and SCI eligible).
- All personnel are required to possess an active Department of Energy (DOE) “Q” access authorization to perform under this contract. An active Top Secret clearance from Other Government Agencies, such as Department of Defense (DoD), based upon a single scope background investigation is typically acceptable for clearance reciprocity if the background investigation is less than five (5) years old. It is required that specified personnel have access to Sensitive Compartmented Information (SCI).
- Must be a U.S. Citizen.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is required to be able to occasionally stand; walk; sit; use hands and/or fingers to handle or feel objects, tools or controls; operate vehicles and office equipment; reach with hands and arms; climb stairs; balance; stoop; kneel; talk or hear; taste or smell. Physical and psychological capabilities are required which allow him/her to perform activities during sustained periods of intense concentration, working with electrical hazards, under adverse weather conditions, in confined and restricted areas. The ability to climb and work at heights; lift and carry heavy loads of at least 50 pounds;
General office environment.