AOUSC - Forensic and Malware Lead Job at cFocus Software Incorporated, Washington DC

  • cFocus Software Incorporated
  • Washington DC

Job Description

cFocus Software seeks a Forensic and Malware Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is hybrid, with the onsite location in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • Five (5) years in incident response (IR) in a large SOC (over 5,000 endpoints), with at least 3 years focused on digital forensics of operating systems or file systems.
  • Three (3) years of demonstrated expertise in disk, memory and registry analysis using industry-standard tools such as EnCase, FTK, X-Ways, Volatility.
  • Demonstrated understanding of file systems and operating system artifacts, including but not limited to SRUM, Shellbags and Prefetch.
  • Familiarity with federal evidence guidelines and chain of custody requirements. 
  • This role aligns with NICE work role PD-WRL-002 (Digital Forensics). 
  • Active GCFA, GREM, CFCE, or OSED certification
Duties:
  • Lead digital forensics and malware analysis activities in support of AOUSC Security Operations Division (SOD) operations.
  • Provide advanced subject matter expertise for forensic investigations involving Windows, Linux, macOS, cloud, and enterprise environments.
  • Perform static and dynamic malware analysis to identify indicators of compromise (IOCs), attacker tactics, techniques, and procedures (TTPs), and root cause.
  • Analyze forensic artifacts, memory images, endpoint telemetry, SIEM data, and filesystem timelines to identify malicious activity and intrusion vectors.
  • Coordinate with Cybersecurity Triage and Incident Response teams to support investigation, escalation, containment, remediation, and recovery activities.
  • Conduct live forensic analysis utilizing Splunk Enterprise Security, Microsoft Sentinel, EDR tools, and AO-provided investigative tooling.
  • Collect, preserve, duplicate, and maintain digital evidence in accordance with forensic evidence handling and chain-of-custody procedures.
  • Develop forensic reports, malware analysis reports, incident artifacts, and technical documentation in accordance with Judiciary SOC Forensics SOPs and JSOCIRP requirements.
  • Provide real-time investigative support for Priority 1 and Priority 2 cybersecurity incidents.
  • Support analysis of advanced persistent threats (APT), ransomware, phishing campaigns, malicious scripts, and suspicious binaries.
  • Perform memory analysis using approved forensic tools such as Volatility and other Judiciary-approved forensic platforms.
  • Extract deleted or hidden data using forensic data carving and recovery techniques.
  • Conduct analysis of endpoint, network, identity, and cloud telemetry to support incident investigations and threat hunting operations.
  • Coordinate escalation and communication of investigative findings to AO leadership, incident responders, SOC management, and federal staff.
  • Review and validate forensic and malware analysis deliverables to ensure technical accuracy, completeness, and compliance with SLA requirements.
  • Develop and maintain forensic analysis procedures, malware analysis SOPs, investigative work instructions, and operational playbooks.
  • Support enterprise security awareness reporting by contributing forensic findings, threat trends, and investigative recommendations.
  • Participate in weekly technical meetings, operational briefings, and cybersecurity reporting activities.
  • Support continuous process improvement initiatives related to digital forensics, malware analysis, investigative workflows, and incident response operations.
  • Assist in transition-in and transition-out activities including knowledge transfer, operational readiness, training, and documentation support.

Job Tags

Full time, Work at office
