cFocus Software Incorporated
Malware and Forensic Analyst (Senior)
cFocus Software Incorporated, Washington, District of Columbia, US, 20022
Malware and Forensic Analyst (Senior) – Washington, DC – 100% onsite
cFocus Software seeks a senior Malware and Forensic Analyst to support US Courts in Washington, DC. The role is 100% onsite and requires 80% onsite presence (Monday‑Thursday) at the AOUSC office in Washington, DC.
Responsibilities
Provide digital forensics and incident response support to the AOUSC Security Operations Center (SOC).
Collect, analyze, and evaluate forensic artifacts associated with threat activity against Judiciary networks.
Respond to government technical requests through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow) for real‑time incident response (IR).
Create duplicates of evidence and ensure the original evidence is not unintentionally modified.
Analyze forensic artifacts of Windows, Linux, and macOS to discover intrusion elements and identify root cause.
Perform live forensic analysis based on SIEM data (e.g., Splunk).
Conduct Splunk log analysis and perform filesystem timeline analysis.
Extract deleted data using data‑carving techniques.
Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility).
Document all forensic and malware analysis results in detailed reports.
Requirements
5+ years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes in Windows, Linux, and macOS environments.
5+ years of experience using forensics tools such as Magnet AXIOM, SANS SIFT Workstation, EnCase, Velociraptor, KAPE, Cellebrite, and Azure/Office 365 tools.
Strong ability to create evidence duplicates, extract deleted data, and perform static and dynamic malware analysis.
Must be able to work 80% onsite (Monday‑Thursday) at the AOUSC office in Washington, DC.
Certifications (choose one):
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Continuous Monitoring (GMON)
GIAC Defending Advanced Threats (GDAT)
Splunk Core Power User (must obtain within 90 days of starting)
EnCase Certified Examiner
SANS GCFA
Volatility Certified
Experience with cloud‑based and non‑cloud‑based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
Strong written and verbal communication skills (reports, executive summaries, technical details).
Deliverables
Evidence duplication reports and deleted files.
Advanced SME IR reports (24‑hour response for Priority 1 events).
Incident reports with timelines, network, endpoint, and application events.
Forensic investigation reports (table of contents, executive summary, timeline, conclusion).
Malware analysis reports (technical details, persistence mechanisms, conclusion).
All activities, tasks, tickets, and documents tracked in JIRA.
Standard Operating Procedures (SOPs) and playbooks for security use cases.
EEO Statement
cFocus Software is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or veteran status.