What are the responsibilities and job description for the Cybersecurity Analyst SME DFIR position at Disruptive Solutions LLC?
Cybersecurity Analyst SME – Digital Forensics & Incident Response
Location: Clarksburg WV
Clearance Requirement: Active Top Secret (TS/SCI Preferred)
Job Summary:
Are you a cybersecurity expert with a passion for digital forensics and incident response (DFIR)? Are you looking for a business that you can grow with? Do you thrive in high-security environments, tackling advanced cyber threats and safeguarding critical systems? If so, we want you on our team! We are seeking a Cybersecurity Analyst SME to play a key role in high-priority cybersecurity operations. As a subject matter expert, you'll lead forensic investigations, conduct advanced threat analysis, and develop cutting-edge defensive strategies. Your expertise in Splunk Enterprise Security, Axiom Forensics Suite, and advanced forensic tools will be instrumental in protecting classified environments.
What You'll Do:
Digital Forensics & Incident Response (DFIR):
• Lead forensic investigations using top-tier tools like Axiom Forensics Suite, EnCase, X-Ways, FTK, and Autopsy.
• Analyze and respond to security incidents through host-based and network forensics.
• Utilize memory, malware, and forensic analysis tools to identify and mitigate cyber threats.
• Ensure forensic integrity by overseeing artifact collection, preservation, and chain-of-custody processes.
• Develop and refine forensic playbooks and incident response plans to strengthen cyber defenses.
Incident Handling & Threat Detection:
• Uncover and investigate security alerts using Splunk Enterprise Security, ELK Stack, and leading SIEM solutions to detect and mitigate cyber threats.
• Take action in real time to respond to nation-state attacks, insider threats, and Advanced Persistent Threat (APT) activity.
• Analyze adversary tactics, techniques, and procedures (TTPs) and contribute to cyber threat intelligence (CTI) reports that strengthen security postures.
• Collaborate with top-tier cybersecurity teams, including SOC analysts, law enforcement, and federal agencies, to counter cyber threats.
Network & Cloud Forensics:
• Dissect network intrusions using Suricata, Zeek (Bro), PCAP analysis, and Wireshark to track down malicious activity.
• Trace adversary movements by analyzing firewall logs, VPN activity, and endpoint detection logs.
• Hunt for cloud-based threats in AWS, Azure, and Google Cloud, focusing on S3 data exfiltration, IAM privilege escalation, and Kubernetes security incidents.
• Stay ahead of emerging threats by leveraging cutting-edge cloud forensics and threat detection techniques.
Security & Compliance:
• Ensure investigations align with top security frameworks such as NIST 800-61, DFARS, and CJIS to meet compliance standards.
• Recommend security improvements to protect high-value and classified assets from sophisticated cyber threats.
• Provide high-impact executive briefings, translating complex forensic findings into actionable insights for leadership.
What You Bring:
• Deep expertise in DFIR with hands-on experience in classified or high-security government environments.
• Strong knowledge of cloud security, network intrusion detection, and mobile forensics.
• Proficiency with Splunk Enterprise Security, Axiom Forensics Suite, and other advanced forensic tools.
• A proactive, analytical mindset with a passion for cybersecurity and threat intelligence.
Be a Disruptor! If you're ready to make a real impact in cybersecurity and work on mission-critical operations, reach out and help us stay ahead of the threat landscape!
Required Skills & Qualifications:
• 10 years of experience in Digital Forensics, Incident Response, and Threat Hunting.
• Strong proficiency in Splunk Enterprise Security, Axiom Forensics Suite, and SIEM threat hunting.
• Experience in network forensics, malware analysis, and host-based forensics.
• Hands-on expertise in forensic tools (e.g., Autopsy, EnCase, X-Ways, FTK, Magnet Axiom, Cellebrite).
• Proficiency with incident response frameworks (NIST 800-61, MITRE ATT&CK, Cyber Kill Chain).
• Experience conducting mobile forensics and memory analysis.
• Familiarity with log analysis, IDS/IPS, cloud security, and adversary emulation.
Preferred Certifications:
Candidates with GIAC or advanced cybersecurity certifications are highly preferred:
Incident Response & Threat Hunting:
• GIAC Certified Incident Handler (GCIH)
• GIAC Continuous Monitoring (GMON)
Digital Forensics:
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Network Forensic Analyst (GNFA)
Cloud Security & Mobile Forensics:
• GIAC Cloud Threat Detection (GCTD)
• GIAC Cloud Forensics Responder (GCFR)
• GIAC Advanced Smartphone Forensics (GASF)
• GIAC Mobile Device Security Analyst (GMOB)