Cyber Forensics Analyst, Mid in Herndon, VA at Booz Allen Hamilton Inc.

Date Posted: 10/26/2018

Job Snapshot

Job Description

Job Number: R0020820

Cyber Forensics Analyst, Mid

Key Role:

Use leading-edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected Cyber intrusions. Follow proper evidence handling procedures and chain of custody protocols. Produce written reports documenting digital forensic findings. Determine programs that have been executed, including finding files that have been changed on disk and in memory. Use timestamps, logs hosts, and network logs to develop authoritative timelines of activity and find evidence of deleted files and hidden data. Identify and document case relevant file-system artifacts, including browser histories, account usage, and USB histories.

Basic Qualifications:

-5+ years of experience with digital forensics

-Experience with creating forensically sound duplicates of evidence, including forensic images to use for data recovery and analysis and performing all-source research for similar or equivalent network events or incidents

-Experience with using timestamps and host and network logs to develop authoritative timelines of activity to find evidence of deleted files and hidden data

-Experience with identifying and documenting case file-system artifacts, including browser histories, account usage, and USB histories

-Experience in assisting with preliminary analysis by tracing an activity to its source and documents findings for input into a forensic report and documenting original condition of digital and associated evidence by taking photographs and collecting hash information
-TS/SCI clearance with a polygraph
-BA or BS degree in Engineering, Computer Science, IT, or Cyber

Additional Qualifications:

-Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell

-Experience with Endpoint Detection and Response tools

-Experience with commonly used forensic toolsets, including EnCase, FTK, or BlackLight

-Active Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Examiner (GCFE), or GIAC Certified Forensic Analyst (GCFA) Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance with polygraph is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.