The Digital Forensics and Incident Response Mid-Level specialist is instrumental in our client’s rigorous cybersecurity tasks that support and complement the senior-level roles. Leveraging specialized training and experience in Digital Forensics, Incident Response, Threat Hunting, and Malware Analysis, this position will engage directly in safeguarding sensitive networks and information systems.

This position performs all duties and responsibilities in accordance with the Mission, Vision, and Core Values of Cayuse.

• Provide real-time analysis and triage of security events to support the initial response efforts.
• Analyze log files from endpoints, EDR systems, firewalls, and servers to identify, contain, and remediate suspicious activity.
• Analyze malicious scripts and code to mitigate potential threats.
• Engage in Threat Hunting operations to proactively identify and mitigate threats.
• Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
• Create system images or capture network settings from information technology environments to preserve as evidence.
• Forensically duplicate digital evidence to use for data recovery and analysis procedures.
• Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
• Contribute to the analysis of cyber threat intelligence and apply findings to bolster ESOC's defensive and responsive actions.
• Post-incident analysis, assisting in identifying root causes, mining lessons learned, and reinforcing security measures.
• Contribute to training and skill development opportunities for self and other team members.
• Develop or refine policies and requirements for data collection, processing, and reporting.
• Recommend cyber defense software or hardware to support responses to cyber incidents.
• Adhere to legal policies and procedures related to handling digital media.
• Stay current on emerging threats, atack techniques, and vulnerabilities.
• Write and execute scripts to automate tasks, such as parsing large data files.
• Write cyber defense recommendations, reports, or white papers using research or experience.
• Write technical summaries to report findings.

• Bachelor's degree (or equivalent experience) in Cybersecurity, Information Technology, or a related field.
• Minimum of 3 years of relevant experience in direct digital forensics or incident response within a federal agency context.
• Active Top-Secret Clearance with SCI Eligibility.
• Must be able to pass a background check and CI Polygraph. May require additional background checks as required by projects and/or clients at any time during employment.
• Skilled in the use of Incident Response tools such as Splunk Enterprise Security, Microsoft Defender for Endpoint, for conducting sophisticated cyber incident monitoring and analysis.
• Well-versed in employing forensic tools and suites such as Magnet Axiom, FTK, Cellebrite Physical Analyzer, Kape, Eric Zimmerman Tools to support investigative processes.
• Adept at conducting open-source research to identify and understand active or potential threats.
• Highly regarded certifications for this position include, but are not limited to:
• • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Cloud Threat Detection (GCTD)
  • GIAC Cloud Forensics Responder (GCFR)
  • GIAC Advanced Smartphone Forensics Certification (GASF)
  • GIAC Mobile Device Security Analyst (GMOB)
• Must possess problem-solving skills.
• Exceptional communication skills, both oral and written.
• Must be able to work effectively in a high-stress environment during critical incidents and be adaptable to a dynamic operational speed.
• Ability to respond effectively to customers with a sense of urgency.
• Proficient in Microsoft and Adobe toolsets, including Excel, Word, PowerPoint, Acrobat, etc.
• Highly motivated with the ability to handle and manage multiple tasks at any one time.
• Ability to forge new relationships with both individuals and teams.
• Must be a self-starter, that can work independently and as part of a team.

Desired Qualifications:

• Relevant cybersecurity certifications such as GIAC.
• Solid foundation in the principles and practices of digital forensics methodologies and incident handling.
• Familiarity with cybersecurity frameworks, standards, and best practices.
• Experience with malware analysis and reverse engineering.
• Scripting, coding, and query language experience (Bash, PowerShell, KQL, SPL, Python, etc)
• Experience conducting Incident Response in AWS Cloud environments.

Our Commitment to you / overview of benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

Reports to:  Lead Senior Digital Forensic Incident Response Analyst

Working Conditions

• Professional office environment.
• Ability to work on-site at our client’s facility.
• Must be physically and mentally able to perform duties extended periods of time.
• Able to work from 8:00am to 5:00pm Central Standard time.
• The role requires 24/7 coverage, including nights, weekends, and holidays. This is accomplished through the forwarding of calls during on-call rotation between team members as assigned to provide continual coverage. On-call coverage assignments will be coordinated with program leadership.
• Must be able to work effectively in a high-stress environment during critical incidents and be adaptable to a dynamic operational tempo.
• Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Must be able to establish a productive and professional workspace.
• Must be able to sit for long periods of time looking at computer screen.
• May be asked to work a flexible schedule which may include holidays.
• May be asked to travel for business or professional development purposes.
• May be asked to work hours outside of normal business hours.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.