Defensive Cyber Operations Forensic Analyst Tier III

DCO Watch Forensics Analyst Tier 3  North Charleston, SC   Secret Clearance, with ability to obtain TS/SCI       As a Tier 3 Defensive Cyber Operations (DCO) Watch Forensics Analyst, you will be responsible for leading complex digital forensic investigations on compromised systems across both unclassified and classified networks.

You will be responsible for the entire forensic lifecycle, including the collection and preservation of digital evidence, in-depth analysis of host and network artifacts to determine the timeline and scope of intrusions, and the creation of detailed Forensic Summary Reports (FSRs).

You will leverage deep technical expertise in file systems, operating system internals, and memory analysis to uncover evidence of attacker activity, support large-scale incident response campaigns, and provide actionable intelligence to enhance detection and mitigation strategies.   Position Requirements and Duties   Examine system, software, security, and user hives for evidence of program execution, USB usage, network connections, and user activity  Execute forensic imaging of computers and storage media  Acquire and analyze digital evidence using industry-standard forensic tools and techniques on Windows and Linux systems including prefetch, jump lists,  shellbags, and other operating system specific artifacts  Acquire and analyze memory captures to recover additional artifacts and evidence  Decode and interpret various file formats and digital communications  In-depth understanding of digital forensic methodologies, incident response workflows, and forensic tools  Perform advanced network and host-based digital forensics on Windows and other operating systems to support incident investigations  Coordinate with reporting agencies and subscriber sites to ensure comprehensive analysis and reporting of significant incidents  Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and other directives  Provide 24/7 support for incident response during non-core hours, and mentor junior analysts  Lead program reviews, product evaluations, and onsite certification evaluations  Overtime may be required to support incident response actions (Surge).   Up to 10% travel may be required, may include international travel  Must maintain a current US passport   Minimum Qualifications   Bachelor’s Degree in relevant discipline and 3 years or at least 8 years of experience working in a CSSP, SOC, or similar environment  At least 2 years of hands-on experience conducting digital forensic investigations utilizing enterprise forensic suites (e.g., EnCase, FTK, Axiom, etc) to acquire, preserve, and analyze evidence from Windows and/or Linux systems  At least 1 year of experience performing detailed host-based and/or memory forensics by utilizing frameworks such as Volatility or Rekall to identify running processes, network connections, and injected code   Must be a U.S.

Citizen   Desired Qualifications   Extensive experience with Digital Forensics across multiple operating systems   Demonstrated expert-level knowledge of Incident Response Procedures   Expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis   Experience conducting forensic investigations in cloud environments, including analysis of cloud-native logs and acquisition of virtual machine snapshots  Proficiency in scripting (e.g., using Python, PowerShell) to automate forensic tasks, such as parsing custom log formats, automating timeline creation, or bulk-analyzing artifacts  Possession of a recognized digital forensics certification, such as GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), EnCase Certified Examiner (EnCE), or AccessData Certified Examiner (ACE)  Demonstrated passion for digital forensics through active participation in DFIR-focused challenges on platforms such as CyberDefenders, BlueTeamLabs Online, or the "Sherlocks" category on Hack The Box  Required Certifications  Must have DoD 8570 IAT Level II and CSSP IR compliant certifications   Company Overview Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems.

Leveraging advanced threat assessment technology and experience in building high-level information security infrastructure, we develop adaptive solutions uniquely tailored to our customers’ business objectives to protect sensitive data against sophisticated threats in an increasingly complex security environment.

Summary of Benefits Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan. 401k Retirement Plan with Matching Contribution is immediately available and vested.

Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.

Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.

Employee Assistance Program:

• Counseling/legal assistance and other employee well-being programs are also offered.


• Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities.
• Adapt Forward’s Veteran/Disability Affirmative Action Plan narrative section is available for inspection upon request during normal business hours at the Human Resources office and may be requested by contacting Human Resources at HR@adaptforward.com.
• Powered by JazzHR