Forensics Analyst Jobs in the United States
BDO Consulting
$190000 - $269000
Chicago, IL
Documents, reviews, and analyzes schedules, contracts, change orders, correspondence, daily reports, meeting minutes, monthly reports, and any additional documents related to the project/file. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions.
Staffing Solutions USA
$100000 - $125000
New York City, NY
Key Responsibilities: Security Operations Monitoring: Investigate and analyze detections from a diverse set of security tools (NGFW, EDR, NDR, TIP, SIEM) within a high-availability, 24/7/365 operational environment to ensure proactive threat detection and continuous protection. Threat Intelligence and Awareness: Stay informed on emerging and existing threats by analyzing attacker tactics, techniques, and procedures, and reviewing security event reports to proactively strengthen defenses.
The Computer Merchant, LTD.
$80 - $85
Washington, DC
A minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network-based security monitoring, identifying and analyzing anomalous activities with familiarity in host-based tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, and ticket management in a SOC Operations environment. * While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations.
Leidos
$73450 - $132775
Bethesda, MD
Triage Examiners should be experienced in general linguist operations and Document and Media Exploitation (DOMEX) operations, and are expected to leverage language and analytical skills, as well as advanced computer systems aptitude in addressing triage examination projects. Must have the sufficient language skills, analytic skills, and technical aptitude to gain proficiency with job-required tools and processes (On-the-job training may be provided as needed to address customer-specific needs, with ongoing evaluations throughout train-up period).
West Nyack - THQ
$95000 - $100000
West Nyack, NY
We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services. Coordination and Collaboration: The position requires extensive coordination with various internal departments (e.g., IT, Legal, HR, and public relations) and external entities (such as law enforcement, cybersecurity firms, and regulatory bodies).
Harmonia Holdings Group, LLC
Washington, DC
Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily.
ABM Industries
Dunwoody, GA
This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues. The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise.
BCMC
Arlington, VA
Business Computers Management Consulting Group, LLC (BCMC) is a small business specializing in Information Technology (IT), Cybersecurity, Information Assurance (IA), SOA, Big Data Management, Program Management, and more for Federal, State, and Local agencies. BCMC provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities.
Peraton
$104000 - $166000
Herndon, Virginia
Demonstrated expertise in disk/memory forensics, network traffic analysis, cloud artifact collection, and use of forensic toolsets (e.g., EnCase, FTK, X‑WAYS, Volatility, Rekall, Cellebrite, cloud forensics tools). Lead advanced digital forensic investigations across endpoints, networks, and cloud environments: acquire, preserve, and analyze artifacts to reconstruct timelines and determine scope and impact.
Latham & Watkins LLP
$100000 - $120000
Los Angeles, California
This role will be responsible for managing and ensuring the integrity, security, and accessibility of information across various platforms, while ensuring the integrity and authenticity of electronic data by preserving it in its original form for legal and investigative purposes. We’d love to hear from you if you: Exhibit proficiency in using digital forensics tools such as X-Ways, Nuix Workstation, Axiom, Purview, and FTK for data collection, analysis, and reporting.
Argo Cyber Systems
Arlington, VA
Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs). Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
Amtrak
$124600 - $161352
Washington, DC
Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident.
Noblis
$75000 - $117225
Washington, DC
We are seeking a Senior Operations Research Analyst with extensive expertise with the Office of the Assistant Secretary of War for Nuclear Deterrence, Chemical, and Biological Defense Policy and Programs/Nuclear Matters (OASW(ND-CBD/NM)) within the Washington DC area to join our team. Compensation at Noblis is determined by various factors, including but not limited to, the combination of education, certifications, knowledge, skills, competencies, and experience, internal and external equity, location, clearance level, as well as contract-specific affordability, organizational requirements and applicable employment laws.
ASSYST, Inc.
Alexandria, VA
ASSYST is seeking an experienced Digital Forensics & Incident Response (DFIR) Analyst to support enterprise cybersecurity operations through advanced threat hunting, digital forensic analysis, and malware investigation. This role will focus on proactive threat detection, forensic investigations, and malware analysis while supporting enterprise incident response operations and insider threat investigations.
Peraton
$104000 - $166000
Chandler, Arizona
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field and 8 years of relevant experience; an additional 4 years will be considered in lieu of the degree requirement. You will support a 24x7 Security Operations Center (SOC) by conducting advanced digital forensics and malware analysis to investigate, contain, and remediate cyber incidents.
KPMG LLP
Seattle, WA
Experience with IDS/IPS, firewalls (Snort, Cisco, Fortigate, Sourcefire), Windows and Unix based systems, LAN/WAN technologies, TCP/IP, OSI model, penetration testing tools (Metasploit, Nmap, Kali), and incident response workflows. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.
Gritter Francona
Ashburn, VA
A minimum of five (5) years of hands-on experience, including recent experience with host-based and network-based security monitoring, forensic tools, SIEM platforms, and endpoint threat detection. The role requires deep technical expertise in forensic tools and methodologies, a solid understanding of incident response, and the ability to lead complex investigations from start to finish.
Core One
Fort Meade, MD
Combine computer science with forensic skills to recover information from computers and storage devices to recover data like documents, photos, and e-mails from computer hard drives and other data storage devices that have been deleted, damaged, or otherwise manipulated. Provide support for CI and CT investigations; research, design, deploy, and lead training events; evaluate emerging forensic technologies; provide operational security assessments and support cyber forensic and cyber security tasks.
Longeviti
Groton, CT
Provide detailed forensic examinations for NCIS cases when computers or other digital media are instruments of crime, DoN computer networks are victims, or when computers or other digital media is used to store data of evidentiary or intelligence value. Conduct complex and high-profile, non-destructive evaluations of target computer systems to determine operating and file systems, stored information, user and program logs, ownership, and access methodology, as well as security features and usage.
Culmen International LLC
Remote
About the Company: Culmen International is committed to enhancing international safety and security, strengthening homeland defense, advancing humanitarian missions, and optimizing government operations. Experience working in an international setting through training foreign scientists, mentoring senior leaders, auditing foreign laboratories or the like.
ManTech
Ashburn, VA
The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high-impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services. + Certified Information System Security Professional (CISSP) and at least one of the following: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other IAT Level III certification.
Peraton
$135000 - $216000
Linthicum, Maryland
Required Forensic Certification: One or more of the following - Digital Media Collector (DMC), *Digital Forensic Examiner (DFE), Cyber Crime Investigator (CCI), *Computer Hacking Forensic Investigator (CHFI), International Association of Computer Investigative Specialists (IACIS) certifications: Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), *GIAC Certified Forensic Examiner (GCFE), *GIAC Certified Forensic Analyst (GCFA), Certifications related to mobile device forensic tools (e.g., Cellebrite Certified Mobile Examiner (CCME), XRY, Oxygen Forensic® Certified Examiner (OFCE)), Certifications related to computer forensic tools (e.g., EnCase Certified Examiner (EnCE), X-Ways Professional in Evidence Recovery Techniques (X-PERT), Magnet Certified Forensic Examiner (MCFE)), Data recovery or advanced data acquisition related certifications.
Booz Allen Hamilton INC.
Bremerton, WA
This PM will work across the end-to-end product lifecycle, from identifying high-impact AI use cases, such as new patterns to detect living-off-the-land (LOTL) attacks, and defining the technical roadmap, to collaborating with engineering and data science teams to build trustworthy, auditable features, and finally, partnering with go-to-market teams to ensure the product successfully meets the complex security and audit requirements of our most regulated customers. You will experience the energy of a start-up, with the resources, mentorship, and stability of an established tech company while being able to look across industry & capability areas to craft new outcomes leveraging the deep catalog of existing technology and customer solutions.
Signature Performance, Inc.
$130000 - $160000
Seattle, WA
In the role of Cyber Security Engineer, you will be responsible for collecting and correlating security logs, developing threat detection rules and playbooks, investigating security incidents, automating response workflows, and supporting security operations center (SOC) teams to improve an organization's security posture. Our performance-driven philosophy boasts competitive pay and additional position specific incentives, where world-class training and development, resources, and events drive our award-winning culture where everyone thrives.
H4 Enterprises
Arlington, VA
Insider Threat Information Systems Security - Senior Data Analyst will work closely with the Information Security team, data protection specialists, and incident response teams to prevent, investigate, and manage insider threats. The Insider Threat Information Systems Security - Senior Data Analyst will receive direct government oversight, assignments, and directions from the assigned Government Office/ Program Director, through an assigned team leader.
Nightwing
Sterling, VA
Nightwing provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization.
Markon
$90000 - $150000
Fort Meade, Maryland
If not credited toward education requirement, completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience). The following may also be considered for individuals with in-depth experience that is clearly related to the position: an Associate’s degree plus 7 years of relevant experience; or at least 18 semester hours of military coursework/training in networking, computer science, or cyber topics plus 7 years of relevant experience.
System One
$200000 - $225000
Maryland
PREFERRED QUALIFICATIONS: Bachelor's degree in a technical field such as Telecommunications, Computer Science, Engineering, Mathematics, Physics, Computer Forensics, Cyber Security, IT, Information Systems, Networking and Telecommunications, or similar. RESPONSIBILITIES: You will help drive critical network exploitation efforts and enable enhanced operational awareness through the following responsibilities: Conduct active and passive reconnaissance to identify network devices, services, and protocols.
Peraton
$104000 - $166000
Arlington, Virginia
Conduct digital forensic analysis of various mobile devices, computer systems, and storage media including cloud data, performing digital forensic analysis across various types of cases involving both mobile and non-mobile devices. Experience conducting forensic examinations on mobile and non-mobile digital evidence through the application of recognized scientific practices for the identification, analysis, interpretation, and presentation of digital evidence for criminal, civil, and administrative purposes.
Intelliswift Software Inc
Chicago, IL
Education: Bachelor's Degree or higher and 4+ years of relevant work experience in fields such as Fraud Detection, Investigations or Analytics, Financial Analysis, Cybersecurity, Criminal Justice, Digital Forensics, or a related area. High School Diploma or the equivalent and 6+ years of relevant work experience in fields such as Fraud Detection, Investigations or Analytics, Financial Analysis, Cybersecurity, Criminal Justice, Digital Forensics, or a related area.
Node.Digital
Arlington, VA
Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. - Collects network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents.
ITrade STEM
Miami, FL
If you're passionate about blockchain technology, have a solid background in crypto investigations, excel in smart contract analysis, and enjoy mentoring others, this is your opportunity to make a difference in the rapidly evolving fields of blockchain analytics and cybersecurity. We are seeking a highly skilled professional to lead advanced blockchain investigations, analyze cryptocurrency transactions, and explore smart contract interactions.
Jobot
$130000 - $160000
Seal Beach, CA
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal. Responsible for documenting work activities in activity logs, periodic reports, problem management systems, change management systems, project tracking systems, and other similar systems.
Oxley Enterprises®, Inc.
$92490 - $102790
WV
Minimum Education: Bachelor's degree in computer science, cybersecurity, information technology or related field; Must have or be willing to obtain one of the following certifications: GIAC Certified Incident Handler, EC-Council's Certified Incident Handler (E|CIH), GIAC Certified Incident Handler (GCIH), Incident Handling & Response Professional (IHRP), Certified Computer Security Incident Handler (CSIH), Certified Incident Handling Engineer (CIHE), EC-Council's Certified Ethical Hacker. Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), economic disadvantaged woman-owned (EDWOSB), Small Business Administration Certified 8(a), and small disadvantaged business (SDB) that has 25 years of experience building and delivering quality IT systems and programs.
WaveStrong, Inc.
San Jose, CA
Experience with SIEM, EDR, IDS/IPS, or SOAR platforms and knowledge of network protocols, malware behaviors, and security monitoring tools along with analytical, problem-solving, and investigation skills. Digital Forensic Analyst to investigate cyber incidents, perform forensic analysis on digital systems, and support threat detection and response activities across enterprise infrastructure.
H&H
$80000 - $100000
New York, NY
With more than 139 years of experience and over 600 professionals across 32 offices nationwide, we combine deep technical expertise with the agility of a privately owned firm. From planning and design through construction, we manage the full project life cycle while continually advancing our capabilities, strengthening our national presence, and investing in the people who power our growth.
Argo Cyber Systems
Arlington, VA
Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators. Argo Cyber Systems provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.
Argo Cyber Systems
Arlington, VA
Our mission-driven analysts provide rapid onsite and remote response, advanced forensics, and proactive threat-hunting capabilities across federal civilian networks and high-value assets. Argo Cyber Systems is seeking an experienced Host-Based Systems Analyst III (HBA03) to support DHS HIRT's national incident response and digital forensics operations.
Cyber Resource
Richmond, VA
VDOT is seeking a highly motivated Security Analyst to support cybersecurity operations within the Operations Technology (OT) environment, with a specific focus on the integration and ongoing monitoring of the Tolling Division's systems.
Cyber Synergy Consulting Group
Washington, DC
The ideal candidate has hands-on experience with enterprise IR tooling - CrowdStrike, FireEye (Trellix), Splunk, NetWitness, and Magnet AXIOM - and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB). Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions.
Aretec Inc
Advanced analytical skills to investigate complex attacks and anomalies • Technical expertise across threat hunting, malware analysis, packet analysis, and enterprise logging • Strong communication skills to clearly articulate findings • Leadership and collaboration skills to work in fast-paced cyber environments • Commitment to supporting critical federal missions and national security. Each Threat Hunting Analyst must hold and maintain at least two active certifications, including but not limited to: Security+, GCIH, ISC2 CISSP, GSE, GREM, GAWN, GCIA, GPPA, GSEC, GCED, GSLC, GSNA, GCFA, or other comparable certifications approved in advance by the Security Operations Branch PM.
Weeghman & Briggs LLC
$109000 - $264000
Fort Meade, MD
If not credited toward education requirements, completion of military training in a relevant area such as JCAC (Joint Cyber Analysis Course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards relevant experience requirement (i.e., 20- to 24-week courses will count as 6 months of experience; 10-14 weeks will count as 3 months of experience). Education: Degree in Network Engineering, Systems Engineering, Information Technology, or related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Computer Science, Computer Forensics, Cyber Security, Software Engineering, Information Assurance, or Computer Security).
Weeghman & Briggs LLC
Fort Meade, MD
Qualifications: Education: Degree in Network Engineering, Systems Engineering, Information Technology, or related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Computer Science, Computer Forensics, Cyber Security, Software Engineering, Information Assurance, or Computer Security). Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
Weeghman & Briggs LLC
$110000 - $264000
Fort Meade, MD
analyze SIGINT and cybersecurity data at multiple levels up and down the OSI network stack and bring a solid understanding of logical/physical IP core infrastructure, communication devices and how they connect to networks, and the traffic movements in a network. Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
OneZero Solutions
Washington, DC
Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection and Response tools, log analysis (Elastic), and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically capable across a comprehensive range of cyber mission areas.
Castalia Systems
Arlington, VA
These proactive measures include, but are not limited to, identification of intruder local changes/suspect interactions, isolation, in-depth digital media analysis, consultation with law enforcement or counterintelligence organizations, development of signatures to detect this malicious behavior and development and deployment of eradication tools. Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
Judge Group
$25 - $30
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Accurately document investigation steps, timestamps, artifacts (e.g., logs, IPs, file hashes, screenshots), and decision rationale to support incident response and potential forensic analysis.
TPI Global (formerly Tech Providers, Inc.)
Usually remote, IL
Conduct real-time and historical analysis using the full security suite owned by CNA including Endpoint Protection, SIEM, Firewall, Endpoint Detection & Response, Intrusion Detection Systems, Email Gateway, Web Content Filtering, Network Detection & Response, & Identity Management technology. Typically, a minimum of five years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.
Vectra
Austin, TX
Be a strong voice for your customers across business to identify new detection models, identify new product features, build content for both internal and external customer knowledge bases, and ensure successful Vectra deployments. You will be responsible for monitoring and analyzing security events, responding to incidents, conducting SOC (Security Operations Center) operations, and assisting MDR customers to ensure their needs are met.