Apply on Employer Site

Adapt Forward · 16 hours ago

Defensive Cyber Operations Forensic Analyst Tier III

North Charleston, SC

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. As a Tier 3 Defensive Cyber Operations Watch Forensics Analyst, you will lead complex digital forensic investigations on compromised systems, ensuring the collection and preservation of digital evidence while providing actionable intelligence to enhance detection and mitigation strategies.

ComputerCyber SecurityNetwork Security

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Examine system, software, security, and user hives for evidence of program execution, USB usage, network connections, and user activity

Execute forensic imaging of computers and storage media

Acquire and analyze digital evidence using industry-standard forensic tools and techniques on Windows and Linux systems including prefetch, jump lists, shellbags, and other operating system specific artifacts

Acquire and analyze memory captures to recover additional artifacts and evidence

Decode and interpret various file formats and digital communications

In-depth understanding of digital forensic methodologies, incident response workflows, and forensic tools

Perform advanced network and host-based digital forensics on Windows and other operating systems to support incident investigations

Coordinate with reporting agencies and subscriber sites to ensure comprehensive analysis and reporting of significant incidents

Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and other directives

Provide 24/7 support for incident response during non-core hours, and mentor junior analysts

Lead program reviews, product evaluations, and onsite certification evaluations

Overtime may be required to support incident response actions (Surge)

Up to 10% travel may be required, may include international travel

Must maintain a current US passport

Qualification

Digital ForensicsIncident ResponseForensic ToolsMemory AnalysisScriptingCloud ForensicsForensic CertificationsTeam LeadershipDocumentationCommunication Skills

Required

Bachelor's Degree in relevant discipline and 3 years or at least 8 years of experience working in a CSSP, SOC, or similar environment

At least 2 years of hands-on experience conducting digital forensic investigations utilizing enterprise forensic suites (e.g., EnCase, FTK, Axiom, etc) to acquire, preserve, and analyze evidence from Windows and/or Linux systems

At least 1 year of experience performing detailed host-based and/or memory forensics by utilizing frameworks such as Volatility or Rekall to identify running processes, network connections, and injected code

Must be a U.S. Citizen

Must have DoD 8570 IAT Level II and CSSP IR compliant certifications

Secret Clearance, with ability to obtain TS/SCI

Preferred

Extensive experience with Digital Forensics across multiple operating systems

Demonstrated expert-level knowledge of Incident Response Procedures

Expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis

Experience conducting forensic investigations in cloud environments, including analysis of cloud-native logs and acquisition of virtual machine snapshots

Proficiency in scripting (e.g., using Python, PowerShell) to automate forensic tasks, such as parsing custom log formats, automating timeline creation, or bulk-analyzing artifacts

Possession of a recognized digital forensics certification, such as GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), EnCase Certified Examiner (EnCE), or AccessData Certified Examiner (ACE)

Demonstrated passion for digital forensics through active participation in DFIR-focused challenges on platforms such as CyberDefenders, BlueTeamLabs Online, or the 'Sherlocks' category on Hack The Box

Benefits

Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.

401k Retirement Plan with Matching Contribution is immediately available and vested.

Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.

Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.

Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.