Orange County CA
Salary :
$91,624.00 - $123,136.00 Annually Location :
Santa Ana, CA Job Type:
Full-Time Remote Employment:
Flexible/Hybrid Job Number:
7976GE-0825-017 (O) Department:
County Executive Office Division/Service Area:
CEO - OCIT Shared Services Opening Date:
08/14/2025 Closing Date:
8/28/2025 11:59 PM Pacific
CAREER DESCRIPTION eDiscovery & Forensics Analyst
(Information Technologist II) OPEN TO THE PUBLIC
This recruitment will establish an open eligible list that will be used to fill current and future Information Technologist II positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange. DEADLINE TO APPLY This recruitment will be open for a minimum of five (5) business days and will close on
Thursday, August 28, 2025 at 11:59pm (PST). ORANGE COUNTY INFORMATION TECHNOLOGY The mission of (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.
Click for more information on OCIT Click for more information on the County of Orange.
THE OPPORTUNITY The Orange County Information Technology (OCIT) - Enterprise Privacy & Cybersecurity Security team is seeking a highly organized and experienced individual who can provide cybersecurity and digital forensics support in a fast-paced environment. This position requires strong analytical and comprehension skills with written and communication experience. The candidate must be able to perform a variety of analysis and research, lead technical projects, and interact with customers (County employees and contractors) for eDiscovery tools. This position directly reports to the eDiscovery & Forensics Manager.
The eDiscovery & Forensics Analyst's duties and responsibilities include the following:
Maintaining and administering eDiscovery case management system; collaborate with departments and vendors for training and feature enhancements Coordinating eDiscovery cases: preserve, collect, process, and review data across email systems, servers, endpoints, and cloud platforms Implementing security and backup/recovery processes; apply patches, configure systems, and monitor performance Installing and configuring software, write scripts or utilities, and develop automated reports Providing expert guidance and user support related to eDiscovery tools, case management, digital evidence testimonials, investigation methodologies, and other tools Translate technical findings and digital evidence into clear, actionable reports and training for non-technical stakeholders Utilizing digital evidence and forensic tools to image devices, recover deleted files, and prepare forensic reports for legal, audit, and investigative teams Supporting legal hold processes and associated documentation to ensure defensible preservation of data Developing and maintaining standard operation procedures (SOPs), checklists, and guidance on documents for forensic and eDiscovery processes Monitoring and auditing system logs, access records, and chain-of-custody logs to ensure compliance with internal policies and legal standards Maintaining integrity of the evidence room by enforcing strict chain-of-custody protocols and access logging Utilizing project organization management including scheduling, milestones, deliverables to achieve successful outcomes Collaborating and communicating with IT teams across multiple agencies, legal counsel, custodians of records, and HR for digital data/evidence collection, legal holds execution, and preservation of digital data/assets DESIRABLE QUALIFICATIONS AND CORE COMPETENCIES In addition to the minimum qualifications, the ideal candidate will possess at least two (2) years of work experience performing systems analysis/administration involving evidence collection, platform administration, tool usage, or a combination of the above.
A certification in one of the following is strongly preferred but not required:
Forensic: EnCE (EnCase Certified Examiner), GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst), CCE (Certified Computer Examiner), or equivalent eDiscovery: Relativity Certified Administrator, CEDS (Certified eDiscovery Specialist) Security: Security+, CISSP (Certified Information Systems Security Professional) The ideal candidate will have experience in the following competencies:
Technical Knowledge
| Technical Expertise
Analyzing, maintaining and administering network, server, desktop, and application components within the forensics infrastructure environment Experience with scripting languages: PowerShell or Python Understanding of forensic methodologies, eDiscovery lifecycle, chain-of custody and familiarity with applicable laws, regulations, and organizational policies (i.e. PRA, CJIS, HIPAA, etc.) Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects Understanding of information security architecture, information security technologies, tools, appliances, practices and controls Utilizing technical project management methodology Evaluating new forensic and eDiscovery tools or techniques to enhance efficiency, accuracy, or automation Analyzing digital evidence to ensure defensible preservation of data Utilizing information security architecture, information security technologies, tools, practices, and controls Knowledge/background in system analysis concepts and principles Relationship Building | Interpersonal Skills
Collaborating and interacting with various levels of staff, including office support staff, supervisors, managers and executives Building collaborative partnerships with private and public Agencies, Departments, Organizations, and communities Working with various organizational units in order to meet the Enterprise Security team goals and missions
Oral | Written Communication Skills
Preparing and orally presenting program training and support information to various groups Communicating, coordinating, and collaborating with County agencies to ensure effective service delivery Translating and developing technical findings into clear, actionable reports and documentation for non-technical stakeholders LICENSE REQUIREMENT Possession of a California Class C Driver License is Required.
MINIMUM QUALIFICATIONS
Please click for details on this classification, including the physical, mental, environmental and working conditions.
SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.
RECRUITMENT PROCESS Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition. Application Screening (Refer/Non-Refer) Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step.
Structured Oral Interview | SOI (Weighted 100%)
Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list. Eligible List Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.
Based on the Department's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure.
Veterans Employment Preference The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click to review the policy. ADDITIONAL INFORMATION
EMAIL NOTIFICATION Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.
NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.
Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at
www.governmentjobs.com
FREQUENTLY ASKED QUESTIONS
Click
here
for additional Frequently Asked Questions.
For specific information pertaining to this recruitment, contact Joanna Xue at or (714)-834-7338. EEO INFORMATION Orange County, as an equal employment opportunity employer, encourages applicants from diverse backg
rounds to apply. Non-Management Benefits In addition to the County's standard suite of benefits, such as a variety of health plan options, annual leave and paid holidays--we also offer an excellent array of benefits such as a Health Care Reimbursement Account, 457 Defined Contribution Plan and Annual Education and Professional Reimbursement. Employees are provided a Retirement Plan through the Orange County Employees Retirement System Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits. Click for information about benefits offered to County of Orange employees. 01
INSTRUCTIONS: The information you provide on this questionnaire will be evaluated and used to determine your level of expertise during the selection process. Be as specific as possible and include all information requested. If you do not have experience in an area, please answer "N/A". Statements such as "see application" or "see resume," will not be accepted in lieu of a response. All employers referenced on this questionnaire must be listed on your application. Do you understand these instructions?
Yes
02
I understand that as part of the selection process for positions within OCIT, I will be required to undergo an extensive background investigation including but not limited to contacting my current and/or previous employers, reference checks, criminal searches, verification of credentials, review of credit history. Any falsification of information or failure to meet the standards listed above will result in my disqualification.
I acknowledge that I have read and understand the information listed above
03
Which of the following best describes your qualifications for the eDiscovery & Forensics Analyst (Information Technologist II) position? Note: Your education/experience sections of your application should support your selection below.
Two (2) or more years as an Information Technologist I for Orange County Two (2) or more years of experience performing systems analysis, maintenance, administration One (1) year of experience performing systems analysis, maintenance, administration AND I have college level education or training directly related to the competencies and attributes required of the position. Experience may be substituted for up to one year of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience I have a Masters degree or training which is directly related to the competencies and attributes required of the position. Experience may be substituted for up to two years of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience None of the above
04
Based on your response to question #3, if you are substituting relevant education for the required experience as defined in the Information Technologist II minimum qualifications, you are acknowledging that you attached a copy of your unofficial transcripts to your application. Foreign degrees require an evaluation of U.S. equivalency by an agency that is a member of the National Association of Credential Services (N.A.C.E.S).
I am substituting relevant education for the required experience and I have attached my unofficial transcript to my application I do not possess an applicable education or this does not apply
05
Please select the certification(s) you possess.
EnCE (EnCase Certified Examiner) GCFE (GIAC Certified Forensic Examiner) GCFA (GIAC Certified Forensic Analyst) CCE (Certified Computer Examiner) Relativity Certified Administrator CEDS (Certified eDiscovery Specialist) Security+ CISSP (Certified Information Systems Security Professional) None of the above
06
Please select the scripting languages you have experience in.
PowerShell Python None of the above
07
Which of the following best describes your length of experience in the scripting languages PowerShell or Python?
Two (2) or more years of scripting language experience with PowerShell or Python Less than two (2) years of scripting language experience with PowerShell or Python None of the above
08
Please describe your experience conducting digital forensic investigations. Be sure to include the types of cases you've worked on, the forensic tools you've used, and the processes or methodologies you follow when handling digital evidence. If none, please type "N/A". 09
Please describe your experience managing and conducting eDiscovery searches. Be sure to include details on the scope of your involvement, any tools or platforms you've used, and how you ensure legal and procedural compliance through the eDiscovery lifecycle. If none, please type "N/A". Required Question
$91,624.00 - $123,136.00 Annually Location :
Santa Ana, CA Job Type:
Full-Time Remote Employment:
Flexible/Hybrid Job Number:
7976GE-0825-017 (O) Department:
County Executive Office Division/Service Area:
CEO - OCIT Shared Services Opening Date:
08/14/2025 Closing Date:
8/28/2025 11:59 PM Pacific
CAREER DESCRIPTION eDiscovery & Forensics Analyst
(Information Technologist II) OPEN TO THE PUBLIC
This recruitment will establish an open eligible list that will be used to fill current and future Information Technologist II positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange. DEADLINE TO APPLY This recruitment will be open for a minimum of five (5) business days and will close on
Thursday, August 28, 2025 at 11:59pm (PST). ORANGE COUNTY INFORMATION TECHNOLOGY The mission of (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.
Click for more information on OCIT Click for more information on the County of Orange.
THE OPPORTUNITY The Orange County Information Technology (OCIT) - Enterprise Privacy & Cybersecurity Security team is seeking a highly organized and experienced individual who can provide cybersecurity and digital forensics support in a fast-paced environment. This position requires strong analytical and comprehension skills with written and communication experience. The candidate must be able to perform a variety of analysis and research, lead technical projects, and interact with customers (County employees and contractors) for eDiscovery tools. This position directly reports to the eDiscovery & Forensics Manager.
The eDiscovery & Forensics Analyst's duties and responsibilities include the following:
Maintaining and administering eDiscovery case management system; collaborate with departments and vendors for training and feature enhancements Coordinating eDiscovery cases: preserve, collect, process, and review data across email systems, servers, endpoints, and cloud platforms Implementing security and backup/recovery processes; apply patches, configure systems, and monitor performance Installing and configuring software, write scripts or utilities, and develop automated reports Providing expert guidance and user support related to eDiscovery tools, case management, digital evidence testimonials, investigation methodologies, and other tools Translate technical findings and digital evidence into clear, actionable reports and training for non-technical stakeholders Utilizing digital evidence and forensic tools to image devices, recover deleted files, and prepare forensic reports for legal, audit, and investigative teams Supporting legal hold processes and associated documentation to ensure defensible preservation of data Developing and maintaining standard operation procedures (SOPs), checklists, and guidance on documents for forensic and eDiscovery processes Monitoring and auditing system logs, access records, and chain-of-custody logs to ensure compliance with internal policies and legal standards Maintaining integrity of the evidence room by enforcing strict chain-of-custody protocols and access logging Utilizing project organization management including scheduling, milestones, deliverables to achieve successful outcomes Collaborating and communicating with IT teams across multiple agencies, legal counsel, custodians of records, and HR for digital data/evidence collection, legal holds execution, and preservation of digital data/assets DESIRABLE QUALIFICATIONS AND CORE COMPETENCIES In addition to the minimum qualifications, the ideal candidate will possess at least two (2) years of work experience performing systems analysis/administration involving evidence collection, platform administration, tool usage, or a combination of the above.
A certification in one of the following is strongly preferred but not required:
Forensic: EnCE (EnCase Certified Examiner), GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst), CCE (Certified Computer Examiner), or equivalent eDiscovery: Relativity Certified Administrator, CEDS (Certified eDiscovery Specialist) Security: Security+, CISSP (Certified Information Systems Security Professional) The ideal candidate will have experience in the following competencies:
Technical Knowledge
| Technical Expertise
Analyzing, maintaining and administering network, server, desktop, and application components within the forensics infrastructure environment Experience with scripting languages: PowerShell or Python Understanding of forensic methodologies, eDiscovery lifecycle, chain-of custody and familiarity with applicable laws, regulations, and organizational policies (i.e. PRA, CJIS, HIPAA, etc.) Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects Understanding of information security architecture, information security technologies, tools, appliances, practices and controls Utilizing technical project management methodology Evaluating new forensic and eDiscovery tools or techniques to enhance efficiency, accuracy, or automation Analyzing digital evidence to ensure defensible preservation of data Utilizing information security architecture, information security technologies, tools, practices, and controls Knowledge/background in system analysis concepts and principles Relationship Building | Interpersonal Skills
Collaborating and interacting with various levels of staff, including office support staff, supervisors, managers and executives Building collaborative partnerships with private and public Agencies, Departments, Organizations, and communities Working with various organizational units in order to meet the Enterprise Security team goals and missions
Oral | Written Communication Skills
Preparing and orally presenting program training and support information to various groups Communicating, coordinating, and collaborating with County agencies to ensure effective service delivery Translating and developing technical findings into clear, actionable reports and documentation for non-technical stakeholders LICENSE REQUIREMENT Possession of a California Class C Driver License is Required.
MINIMUM QUALIFICATIONS
Please click for details on this classification, including the physical, mental, environmental and working conditions.
SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.
RECRUITMENT PROCESS Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition. Application Screening (Refer/Non-Refer) Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step.
Structured Oral Interview | SOI (Weighted 100%)
Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list. Eligible List Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.
Based on the Department's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure.
Veterans Employment Preference The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click to review the policy. ADDITIONAL INFORMATION
EMAIL NOTIFICATION Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.
NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.
Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at
www.governmentjobs.com
FREQUENTLY ASKED QUESTIONS
Click
here
for additional Frequently Asked Questions.
For specific information pertaining to this recruitment, contact Joanna Xue at or (714)-834-7338. EEO INFORMATION Orange County, as an equal employment opportunity employer, encourages applicants from diverse backg
rounds to apply. Non-Management Benefits In addition to the County's standard suite of benefits, such as a variety of health plan options, annual leave and paid holidays--we also offer an excellent array of benefits such as a Health Care Reimbursement Account, 457 Defined Contribution Plan and Annual Education and Professional Reimbursement. Employees are provided a Retirement Plan through the Orange County Employees Retirement System Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits. Click for information about benefits offered to County of Orange employees. 01
INSTRUCTIONS: The information you provide on this questionnaire will be evaluated and used to determine your level of expertise during the selection process. Be as specific as possible and include all information requested. If you do not have experience in an area, please answer "N/A". Statements such as "see application" or "see resume," will not be accepted in lieu of a response. All employers referenced on this questionnaire must be listed on your application. Do you understand these instructions?
Yes
02
I understand that as part of the selection process for positions within OCIT, I will be required to undergo an extensive background investigation including but not limited to contacting my current and/or previous employers, reference checks, criminal searches, verification of credentials, review of credit history. Any falsification of information or failure to meet the standards listed above will result in my disqualification.
I acknowledge that I have read and understand the information listed above
03
Which of the following best describes your qualifications for the eDiscovery & Forensics Analyst (Information Technologist II) position? Note: Your education/experience sections of your application should support your selection below.
Two (2) or more years as an Information Technologist I for Orange County Two (2) or more years of experience performing systems analysis, maintenance, administration One (1) year of experience performing systems analysis, maintenance, administration AND I have college level education or training directly related to the competencies and attributes required of the position. Experience may be substituted for up to one year of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience I have a Masters degree or training which is directly related to the competencies and attributes required of the position. Experience may be substituted for up to two years of the required experience at the rate of three semester units or the equivalent, equaling one month of experience and one hour of training equaling one hour of experience None of the above
04
Based on your response to question #3, if you are substituting relevant education for the required experience as defined in the Information Technologist II minimum qualifications, you are acknowledging that you attached a copy of your unofficial transcripts to your application. Foreign degrees require an evaluation of U.S. equivalency by an agency that is a member of the National Association of Credential Services (N.A.C.E.S).
I am substituting relevant education for the required experience and I have attached my unofficial transcript to my application I do not possess an applicable education or this does not apply
05
Please select the certification(s) you possess.
EnCE (EnCase Certified Examiner) GCFE (GIAC Certified Forensic Examiner) GCFA (GIAC Certified Forensic Analyst) CCE (Certified Computer Examiner) Relativity Certified Administrator CEDS (Certified eDiscovery Specialist) Security+ CISSP (Certified Information Systems Security Professional) None of the above
06
Please select the scripting languages you have experience in.
PowerShell Python None of the above
07
Which of the following best describes your length of experience in the scripting languages PowerShell or Python?
Two (2) or more years of scripting language experience with PowerShell or Python Less than two (2) years of scripting language experience with PowerShell or Python None of the above
08
Please describe your experience conducting digital forensic investigations. Be sure to include the types of cases you've worked on, the forensic tools you've used, and the processes or methodologies you follow when handling digital evidence. If none, please type "N/A". 09
Please describe your experience managing and conducting eDiscovery searches. Be sure to include details on the scope of your involvement, any tools or platforms you've used, and how you ensure legal and procedural compliance through the eDiscovery lifecycle. If none, please type "N/A". Required Question