Digital Forensics & Incident Response (DFIR) Senior-Level

Overview

This senior-level DFIR analyst is responsible for leading advanced cyber incident investigations and providing hands-on support across all requirements for digital forensics and incident response. The position includes proactive detection, incident triage, root cause determination, threat containment, evidence collection, and post-incident analysis—spanning enterprise networks, endpoints, cloud systems, and mobile platforms. The analyst will lead system- and network-based forensic examinations, root cause analyses, and reverse engineering efforts across on-prem and cloud environments. This position will support the incident containment and remediation objectives, participate in the development of incident response planning, integrate threat intelligence, and deliver structured reports to support legal and regulatory compliance. The position aligns with NIST NICE Work Roles PD-WRL-002 (Digital Forensics) and PD-WRL-003 (Incident Response), supporting forensic readiness, legal compliance, and response resiliency in classified federal environments.

This position performs all duties and responsibilities in accordance with the Mission, Vision, and Core Values of Cayuse.

Responsibilities

• Conduct end-to-end forensic analysis on systems, networks, mobile platforms, and cloud infrastructure to determine the scope, root cause, and impact of cyber incidents.
• Analyze and triage alerts from multiple data sources to identify true positives and prioritize incident response based on severity, mission risk, and operational continuity.
• Lead the development and refinement of incident response playbooks; support red team/blue team exercises and post-incident reviews to drive defensive improvement.
• Execute malware analysis and memory forensics; reverse engineer binaries and extract IOCs to support real-time threat mitigation and strategic defense posture.
• Maintain strict chain-of-custody protocols and ensure compliance with all legal, regulatory, and policy-driven standards across federal forensic investigations.
• Mentor and support mid-level forensic staff; contribute to integration of threat intelligence across detection systems, IR workflows, and organizational reporting.

• Other duties as assigned.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• At least 5 years of experience in direct digital forensics or incident response within a federal government context.
• Active Top-Secret Clearance with SCI Eligibility.

 

Desired Qualifications:

• Master's degree or advanced certifications in Cybersecurity or Digital Forensics.
• Additional specialized certifications in digital forensics and incident handling.

 

Preferred Certifications:

• GIAC Continuous Monitoring Certification (GMON).
• GIAC Certified Incident Handler (GCIH).
• GIAC Certified Forensic Analyst (GCFA).
• GIAC Certified Intrusion Analyst (GCIA).
• GIAC Network Forensic Analyst (GNFA).
• GIAC Cloud Threat Detection (GCTD).
• GIAC Cloud Forensics Responder (GCFR).
• GIAC Advanced Smartphone Forensics Certification (GASF).
• GIAC Mobile Device Security Analyst (GMOB).

 

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.

Pay Range

USD $135,000.00 - USD $170,000.00 /Yr.