Digital Forensics & Incident Response Analyst Mid-Level

Overview

The Mid-Level DFIR Analyst supports incident response and digital forensics operations for the FBI’s Enterprise Security Operations Center (ESOC). This role focuses on triage, alert analysis, evidence collection, forensic support, and assisting senior staff with containment and remediation of cyber incidents across FBI networks and endpoints. The analyst contributes to maintaining operational readiness, handling forensic tools and data, and supporting threat detection and documentation efforts. This position is aligned with the NIST NICE Work Roles PD-WRL-002 (Digital Forensics) and PD-WRL-003 (Incident Response) and supports cross-functional coordination with mobile threat detection personnel and the watch floor.

This role supports the senior DFIR team by conducting triage, alert analysis, evidence handling, and forensic collection in support of PD-WRL-002/003 mission areas. Works collaboratively with watch floor and mobile teams.

 

This position performs all duties and responsibilities in accordance with the Mission, Vision, and Core Values of Cayuse.

Responsibilities

• Support 24/7 monitoring of FBI networks and systems for cybersecurity incidents, participating in safeguarding national security infrastructures.
• Assist in Watch floor Operations by providing real-time analysis and triage of security events to support the initial response efforts.
• Engage in the investigation and remediation of cyber incidents, supporting the Digital Forensics and Incident Response team in handling sophisticated cyber threats.
• Take part in the Mobile Threat and Detection function, helping identify and respond to threats specific to mobile devices.
• Contribute to the analysis of cyber threat intelligence and apply findings to bolster ESOC's defensive and responsive actions.
• Aid in the creation and continuous refinement of incident response plans, correlating observed cyber threats with response protocols.
• Support efforts in integrating threat intelligence into the Watch floor’s operations, enhancing threat detection and the organization's proactive defenses.
• Participate in post-incident analysis, assisting in identifying root causes, mining lessons learned, and reinforcing security measures.
• Engage in collaborative communication with various ESOC components to facilitate a coordinated and effective incident response.
• Participate in continuous improvement initiatives to refine tools, processes, and strategies based on incident feedback and analysis.
• Assist senior staff in legal and regulatory compliance activities, ensuring the integrity of the forensic process.
• Contribute to training and skill development opportunities for self and other team members.
• Work alongside Watch floor analysts to identify and support staff training needs and recommend skill enhancement strategies. 

• Other duties as assigned.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Minimum of 3 years of relevant experience in direct digital forensics or incident response within a federal agency context.
• Active Top-Secret Clearance with SCI Eligibility.

• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.
• Experience working with the following software:
  • Splunk ES
  • Axiom  - expertise in employing the Axiom Forensics Suite for digital evidence management and investigative processes.
  • FTK
  • Autopsy
  • CrowdStrike Falcon

 

Desired Qualifications:

• Relevant cybersecurity certifications such as GIAC.
• Solid foundation in the principles and practices of digital forensics methodologies and incident handling.
• Familiarity with cybersecurity frameworks, standards, and best practices.

 

Preferred Certifications:

• GIAC Continuous Monitoring Certification (GMON).
• GIAC Certified Incident Handler (GCIH).
• GIAC Certified Forensic Analyst (GCFA).
• GIAC Certified Intrusion Analyst (GCIA).
• GIAC Network Forensic Analyst (GNFA).
• GIAC Cloud Threat Detection (GCTD).
• GIAC Cloud Forensics Responder (GCFR).
• GIAC Advanced Smartphone Forensics Certification (GASF).
• GIAC Mobile Device Security Analyst (GMOB).

 

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.

Pay Range

USD $100,000.00 - USD $140,000.00 /Yr.