Forensics Analyst Jobs in the United States
BP Energy
$131000 - $200000
Chicago, IL
Analytical Thinking, Brand Management, Communication, Conflict Management, Consulting, Creativity and Innovation, Data Analysis, Decision Making, Employee and labour relations, Ethical judgement, Facilitation, Global Perspective, Industry knowledge and advocacy, Intelligence writing and briefing, Investigations, Issues and Policy Management, Knowledge Sharing, Listening, Managing workforce concerns, Presenting, Resilience, Risk Management, Stakeholder Engagement, Stakeholder Management, Writing skills. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.).
Staffing Solutions USA
$100000 - $125000
New York City, NY
Key Responsibilities: Security Operations Monitoring: Investigate and analyze detections from a diverse set of security tools (NGFW, EDR, NDR, TIP, SIEM) within a high-availability, 24/7/365 operational environment to ensure proactive threat detection and continuous protection. Threat Intelligence and Awareness: Stay informed on emerging and existing threats by analyzing attacker tactics, techniques, and procedures, and reviewing security event reports to proactively strengthen defenses.
The Computer Merchant, LTD.
$80 - $85
Washington, DC
A minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network-based security monitoring, identifying and analyzing anomalous activities with familiarity in host-based tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, and ticket management in a SOC Operations environment. * While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations.
Leidos
$73450 - $132775
Bethesda, MD
Triage Examiners should be experienced in general linguist operations and Document and Media Exploitation (DOMEX) operations, and are expected to leverage language and analytical skills, as well as advanced computer systems aptitude in addressing triage examination projects. Must have the sufficient language skills, analytic skills, and technical aptitude to gain proficiency with job-required tools and processes (On-the-job training may be provided as needed to address customer-specific needs, with ongoing evaluations throughout train-up period).
West Nyack - THQ
$95000 - $100000
West Nyack, NY
We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services. Coordination and Collaboration: The position requires extensive coordination with various internal departments (e.g., IT, Legal, HR, and public relations) and external entities (such as law enforcement, cybersecurity firms, and regulatory bodies).
Harmonia Holdings Group, LLC
Washington, DC
Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily.
ABM Industries
Dunwoody, GA
This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues. The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise.
BCMC
Arlington, VA
Business Computers Management Consulting Group, LLC (BCMC) is a small business specializing in Information Technology (IT), Cybersecurity, Information Assurance (IA), SOA, Big Data Management, Program Management, and more for Federal, State, and Local agencies. BCMC provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities.
Latham & Watkins LLP
$100000 - $120000
Los Angeles, California
This role will be responsible for managing and ensuring the integrity, security, and accessibility of information across various platforms, while ensuring the integrity and authenticity of electronic data by preserving it in its original form for legal and investigative purposes. We’d love to hear from you if you: Exhibit proficiency in using digital forensics tools such as X-Ways, Nuix Workstation, Axiom, Purview, and FTK for data collection, analysis, and reporting.
Peraton
$104000 - $166000
Herndon, Virginia
Demonstrated expertise in disk/memory forensics, network traffic analysis, cloud artifact collection, and use of forensic toolsets (e.g., EnCase, FTK, X‑WAYS, Volatility, Rekall, Cellebrite, cloud forensics tools). Lead advanced digital forensic investigations across endpoints, networks, and cloud environments: acquire, preserve, and analyze artifacts to reconstruct timelines and determine scope and impact.
Argo Cyber Systems
Arlington, VA
Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs). Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
Amtrak
$124600 - $161352
Washington, DC
Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident.
Noblis
$75000 - $117225
Washington, DC
We are seeking a Senior Operations Research Analyst with extensive expertise with the Office of the Assistant Secretary of War for Nuclear Deterrence, Chemical, and Biological Defense Policy and Programs/Nuclear Matters (OASW(ND-CBD/NM)) within the Washington DC area to join our team. Compensation at Noblis is determined by various factors, including but not limited to, the combination of education, certifications, knowledge, skills, competencies, and experience, internal and external equity, location, clearance level, as well as contract-specific affordability, organizational requirements and applicable employment laws.
ASSYST, Inc.
Alexandria, VA
ASSYST is seeking an experienced Digital Forensics & Incident Response (DFIR) Analyst to support enterprise cybersecurity operations through advanced threat hunting, digital forensic analysis, and malware investigation. This role will focus on proactive threat detection, forensic investigations, and malware analysis while supporting enterprise incident response operations and insider threat investigations.
Peraton
$104000 - $166000
Chandler, Arizona
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field and 8 years of relevant experience; an additional 4 years will be considered in lieu of the degree requirement. You will support a 24x7 Security Operations Center (SOC) by conducting advanced digital forensics and malware analysis to investigate, contain, and remediate cyber incidents.
KPMG LLP
Seattle, WA
Experience with IDS/IPS, firewalls (Snort, Cisco, Fortigate, Sourcefire), Windows and Unix based systems, LAN/WAN technologies, TCP/IP, OSI model, penetration testing tools (Metasploit, Nmap, Kali), and incident response workflows. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.
Gritter Francona
Ashburn, VA
A minimum of five (5) years of hands-on experience, including recent experience with host-based and network-based security monitoring, forensic tools, SIEM platforms, and endpoint threat detection. The role requires deep technical expertise in forensic tools and methodologies, a solid understanding of incident response, and the ability to lead complex investigations from start to finish.
Core One
Fort Meade, MD
Combine computer science with forensic skills to recover information from computers and storage devices to recover data like documents, photos, and e-mails from computer hard drives and other data storage devices that have been deleted, damaged, or otherwise manipulated. Provide support for CI and CT investigations; research, design, deploy, and lead training events; evaluate emerging forensic technologies; provide operational security assessments and support cyber forensic and cyber security tasks.
Longeviti
Groton, CT
Provide detailed forensic examinations for NCIS cases when computers or other digital media are instruments of crime, DoN computer networks are victims, or when computers or other digital media is used to store data of evidentiary or intelligence value. Conduct complex and high-profile, non-destructive evaluations of target computer systems to determine operating and file systems, stored information, user and program logs, ownership, and access methodology, as well as security features and usage.
Garmin International, Inc.
Olathe, Kansas
Certifications such as SSCP (Systems Security Certified Practitioner), SANS - GREM (GIAC Reverse Engineering), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCIH (GIAC Certified Incident Handler), FTK ACE (AccessData Certified Examiner), EnCase EnCE (Certified Examiner), or similar are highly desirable. Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Business or another relevant field AND a minimum of 5 years of relevant experience OR an equivalent combination of education and relevant experience.
ManTech
Ashburn, VA
The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high-impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services. + Certified Information System Security Professional (CISSP) and at least one of the following: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other IAT Level III certification.
cFocus Software Incorporated
Washington, DC
cFocus Software seeks a Forensics / Data Specialist to join our program supporting Housing and Urban Development (HUD). Analyze security logs, telemetry, and datasets to identify indicators of compromise (IOCs) and attack patterns.
Culmen International LLC
Remote
About the Company: Culmen International is committed to enhancing international safety and security, strengthening homeland defense, advancing humanitarian missions, and optimizing government operations. Experience working in an international setting through training foreign scientists, mentoring senior leaders, auditing foreign laboratories or the like.
Peraton
$135000 - $216000
JBSA Lackland, Texas
Required Forensic Certification: One or more of the following - Digital Media Collector (DMC), *Digital Forensic Examiner (DFE), Cyber Crime Investigator (CCI), *Computer Hacking Forensic Investigator (CHFI), International Association of Computer Investigative Specialists (IACIS) certifications: Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), *GIAC Certified Forensic Examiner (GCFE), *GIAC Certified Forensic Analyst (GCFA), Certifications related to mobile device forensic tools (e.g., Cellebrite Certified Mobile Examiner (CCME), XRY, Oxygen Forensic® Certified Examiner (OFCE)), Certifications related to computer forensic tools (e.g., EnCase Certified Examiner (EnCE), X-Ways Professional in Evidence Recovery Techniques (X-PERT), Magnet Certified Forensic Examiner (MCFE)), Data recovery or advanced data acquisition related certifications.
bdo consulting
$190000 - $269000
Chicago, IL
Documents, reviews, and analyzes schedules, contracts, change orders, correspondence, daily reports, meeting minutes, monthly reports, and any additional documents related to the project/file. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions.
Signature Performance, Inc.
$130000 - $160000
Seattle, WA
In the role of Cyber Security Engineer, you will be responsible for collecting and correlating security logs, developing threat detection rules and playbooks, investigating security incidents, automating response workflows, and supporting security operations center (SOC) teams to improve an organization's security posture. Our performance-driven philosophy boasts competitive pay and additional position specific incentives, where world-class training and development, resources, and events drive our award-winning culture where everyone thrives.
Booz Allen Hamilton INC.
Bremerton, WA
This PM will work across the end-to-end product lifecycle, from identifying high-impact AI use cases, such as new patterns to detect living-off-the-land (LOTL) attacks, and defining the technical roadmap, to collaborating with engineering and data science teams to build trustworthy, auditable features, and finally, partnering with go-to-market teams to ensure the product successfully meets the complex security and audit requirements of our most regulated customers. You will experience the energy of a start-up, with the resources, mentorship, and stability of an established tech company while being able to look across industry & capability areas to craft new outcomes leveraging the deep catalog of existing technology and customer solutions.
H4 Enterprises
Arlington, VA
Insider Threat Information Systems Security - Senior Data Analyst will work closely with the Information Security team, data protection specialists, and incident response teams to prevent, investigate, and manage insider threats. The Insider Threat Information Systems Security - Senior Data Analyst will receive direct government oversight, assignments, and directions from the assigned Government Office/ Program Director, through an assigned team leader.
Nightwing
Sterling, VA
Nightwing provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization.
Markon
$110000 - $230000
Fort Meade, Maryland
If not credited toward education requirement, completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience). The following may also be considered for individuals with in-depth experience that is clearly related to the position: an Associate’s degree plus 7 years of relevant experience; or at least 18 semester hours of military coursework/training in networking, computer science, or cyber topics plus 7 years of relevant experience.
System One
$200000 - $225000
Maryland
PREFERRED QUALIFICATIONS: Bachelor's degree in a technical field such as Telecommunications, Computer Science, Engineering, Mathematics, Physics, Computer Forensics, Cyber Security, IT, Information Systems, Networking and Telecommunications, or similar. RESPONSIBILITIES: You will help drive critical network exploitation efforts and enable enhanced operational awareness through the following responsibilities: Conduct active and passive reconnaissance to identify network devices, services, and protocols.
Intelliswift Software Inc
Chicago, IL
Education: Bachelor's Degree or higher and 4+ years of relevant work experience in fields such as Fraud Detection, Investigations or Analytics, Financial Analysis, Cybersecurity, Criminal Justice, Digital Forensics, or a related area. High School Diploma or the equivalent and 6+ years of relevant work experience in fields such as Fraud Detection, Investigations or Analytics, Financial Analysis, Cybersecurity, Criminal Justice, Digital Forensics, or a related area.
Node.Digital
Arlington, VA
Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. - Collects network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents.
Jobot
$130000 - $160000
Seal Beach, CA
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal. Responsible for documenting work activities in activity logs, periodic reports, problem management systems, change management systems, project tracking systems, and other similar systems.
ITrade STEM
Miami, FL
If you're passionate about blockchain technology, have a solid background in crypto investigations, excel in smart contract analysis, and enjoy mentoring others, this is your opportunity to make a difference in the rapidly evolving fields of blockchain analytics and cybersecurity. We are seeking a highly skilled professional to lead advanced blockchain investigations, analyze cryptocurrency transactions, and explore smart contract interactions.
Oxley Enterprises®, Inc.
$92490 - $102790
WV
Minimum Education: Bachelor's degree in computer science, cybersecurity, information technology or related field; Must have or be willing to obtain one of the following certifications: GIAC Certified Incident Handler, EC-Council's Certified Incident Handler (E|CIH), GIAC Certified Incident Handler (GCIH), Incident Handling & Response Professional (IHRP), Certified Computer Security Incident Handler (CSIH), Certified Incident Handling Engineer (CIHE), EC-Council's Certified Ethical Hacker. Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), economic disadvantaged woman-owned (EDWOSB), Small Business Administration Certified 8(a), and small disadvantaged business (SDB) that has 25 years of experience building and delivering quality IT systems and programs.
Aretec Inc
Advanced analytical skills to investigate complex attacks and anomalies • Technical expertise across threat hunting, malware analysis, packet analysis, and enterprise logging • Strong communication skills to clearly articulate findings • Leadership and collaboration skills to work in fast-paced cyber environments • Commitment to supporting critical federal missions and national security. Each Threat Hunting Analyst must hold and maintain at least two active certifications, including but not limited to: Security+, GCIH, ISC2 CISSP, GSE, GREM, GAWN, GCIA, GPPA, GSEC, GCED, GSLC, GSNA, GCFA, or other comparable certifications approved in advance by the Security Operations Branch PM.
Peraton
$104000 - $166000
Arlington, Virginia
Conduct digital forensic analysis of various mobile devices, computer systems, and storage media including cloud data, performing digital forensic analysis across various types of cases involving both mobile and non-mobile devices. Experience conducting forensic examinations on mobile and non-mobile digital evidence through the application of recognized scientific practices for the identification, analysis, interpretation, and presentation of digital evidence for criminal, civil, and administrative purposes.
WaveStrong, Inc.
San Jose, CA
Experience with SIEM, EDR, IDS/IPS, or SOAR platforms and knowledge of network protocols, malware behaviors, and security monitoring tools along with analytical, problem-solving, and investigation skills. Digital Forensic Analyst to investigate cyber incidents, perform forensic analysis on digital systems, and support threat detection and response activities across enterprise infrastructure.
H&H
$80000 - $100000
New York, NY
With more than 139 years of experience and over 600 professionals across 32 offices nationwide, we combine deep technical expertise with the agility of a privately owned firm. From planning and design through construction, we manage the full project life cycle while continually advancing our capabilities, strengthening our national presence, and investing in the people who power our growth.
Cyber Resource
Richmond, VA
VDOT is seeking a highly motivated Security Analyst to support cybersecurity operations within the Operations Technology (OT) environment, with a specific focus on the integration and ongoing monitoring of the Tolling Division's systems.
Argo Cyber Systems
Arlington, VA
Our mission-driven analysts provide rapid onsite and remote response, advanced forensics, and proactive threat-hunting capabilities across federal civilian networks and high-value assets. Argo Cyber Systems is seeking an experienced Host-Based Systems Analyst III (HBA03) to support DHS HIRT's national incident response and digital forensics operations.
Argo Cyber Systems
Arlington, VA
Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators. Argo Cyber Systems provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.
Carnival Global Brand
Miami, FL
Our portfolio of leading cruise brands includes Carnival Cruise Line, Holland America Line, Princess Cruises and Seabourn in North America; P&O Cruises, and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe; and P&O Cruises in Australia. Develop and implement methods for management and control of access to information resources, and provide in-depth technical assistance relating to the design and implementation of security and controls for networks, distributed systems and operating system platforms.
One Park Financial
Dallas, TX
The Senior Data Protection Analyst will serve as a key technical authority responsible for protecting sensitive customer and company data through advanced monitoring, investigation, and enforcement of Data Loss Prevention policies. This role focuses on preventing unauthorized data exfiltration, monitoring outbound communications, and ensuring compliance with internal data protection policies.
Global Dimensions
Quantico, VA
Provide up to 24/7/365-366 support for the management of the DoD Biometric-Enabled Watchlist (BEWL) and National Level Watchlisting operations, including tasks such as encounter management, nomination support, change/removal requests, RFIs, and other BEWL-related or Watchlisting tasks. Develop deliverables such as, but not limited to, completed intelligence reports, biometric/biographic analysis reports, SIGINT or CELLEX-related analysis reports, DOMEX-derived reports, all-source analysis reports, analytic briefings, RFI responses, training materials, or other future analytical products.
Focused HR Solutions
Dover, Delaware
Key Responsibilities: Security Monitoring: Continuously monitor network traffic, system logs, and other security tools to detect unusual or suspicious activities that could indicate an incident or vulnerability. Log Analysis: Examine logs from a range of sources including firewalls, intrusion detection systems, antivirus software, and system endpoints to identify irregularities that may signal a threat.
Network Designs Inc.
Dahlgren, VA
This role conducts mobile and digital forensic examinations, supports incident response activities, performs packet-level and malware analysis, prepares detailed forensic and technical reports, and assists the Security Office with formatting and reviewing publications, guidelines, and policy documents. The Senior Forensic Technician/Analyst works independently with minimal oversight, may supervise junior analysts, and serves as a senior technical resource supporting cybersecurity operations, risk management activities, network defense, and investigative analysis.
Artech LLC
CHANDLER, AZ
Proficiency in at least three of the following technologies: Splunk, XSOAR, CrowdStrike, FireEye, Google Chronicle, Azure, Twinwave, Akamai. This role is an excellent opportunity for individuals looking to take on more challenging projects or explore opportunities outside their comfort zone.