
Malware and Forensic Analyst (Senior)

Company: cFocus Software Incorporated
Location: Washington
Posted on: June 1, 2025

Job Description:

cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. This position has remote capabilities.

Required Qualifications include:

  • 5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes on operating systems (e.g., Windows, Linux, and macOS)
  • 5 years of experience utilizing the following forensics tools:
      • Magnet AXIOM to acquire, analyze, and report on digital evidence;
      • SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis;
      • EnCase to collect, analyze, and report on digital evidence;
      • Velociraptor to collect and analyze data from multiple endpoints;
      • KAPE (Eric Zimmerman's tools) to collect and process files;
      • SUMURI TALINO Workstations/Laptops;
      • Cellebrite;
      • Bi-Weekly Threat Assessment Reports (BTARs)
  • Must have the ability to perform required forensics/malware analyst duties, including:
      • Creating duplicates of evidence that ensure the original evidence is not unintentionally modified;
      • Extracting deleted data using data carving techniques;
      • Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)
  • Must be able to work 80% (Monday thru Thursday) onsite at the AOUSC office in Washington, DC

Desired Qualifications include:
  • One of the following certifications:
      • GIAC Certified Intrusion Analyst (GCIA)
      • GIAC Certified Incident Handler (GCIH)
      • GIAC Continuous Monitoring (GMON)
      • GIAC Defending Advanced Threats (GDAT)
      • Splunk Core Power User
      • EnCase Certified Examiner
      • SANS GCFA
      • Volatility Certified

Duties:
  • Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR).
  • Create duplicates of evidence that ensure the original evidence is not unintentionally modified.
  • Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
  • Perform live forensic analysis based on SIEM data (e.g., Splunk).
  • Perform filesystem timeline analysis for inclusion in forensic report.
  • Extract deleted data using data carving techniques.
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
  • Analyze memory images to identify malicious patterns using Judiciary tools (e.g., Volatility).

Deliverables:
  • Image Duplication: Duplication of evidence for processing by multiple analysts.
  • Deleted Files: Deleted files supplied to requestor.
  • Advanced SME IR Reports: Timely Advanced SME IR Support for Priority 1 Security Events.
  • Incident Reports: All forensic reports include a timeline.
  • Forensic Reports: Document the results of a forensic investigation.
  • Malware Analysis Reports: Document the results of analyzing a specific malware specimen.
  • Weekly Reports: Provide weekly reports to the AOUSC Program Manager that document all activities, tasks, tickets, and documents worked on.
  • Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases.
