Cyber Defense Forensics Analyst
Listed on 2025-12-02
IT/Tech
Cybersecurity, Information Security, Data Security, Network Security
Job Number: R0229762
The Opportunity
As a security operations center analyst, you’re in the middle of the action, responding to and mitigating threats in real time. You are the first line of cyber defense and guide the organization on best practices and security measures.
On our team you will develop network defense skills by monitoring, detecting, and analyzing threats while interacting directly with affected users and leveraging state‑of‑the‑art technologies. When an incident is detected you’ll work with the team to collect data to help incident response mitigate the threat, analyze alerts to determine the scope, and initiate recovery efforts. You will also contribute to assessments and learn to analyze patterns to understand attackers’ goals to stop them from succeeding.
Responsibilities
- Monitor, detect, and analyze security threats in real time.
- Collect incident data and support the incident response team.
- Analyze alerts to determine affected systems and initiate recovery.
- Contribute to threat assessments and pattern analysis.
- Maintain knowledge of evolving cyber threats and defensive technologies.
- Experience conducting digital forensics or incident response investigations within classified DoD environments
- Experience with forensic tools such as EnCase, FTK, Autopsy, Cellebrite, Volatility, or X-Ways
- Experience with SIEMs such as Splunk or ArcSight
- Knowledge of Windows, Linux, and network forensic artifacts, including memory and disk analysis
- Ability to identify, triage, and report events that occur to protect data, information systems, and infrastructure
- Ability to collect, preserve, and analyze evidence in accordance with DoD or federal chain-of-custody standards
- Ability to find trends, patterns, or correlations in security data
- TS/SCI clearance
- HS diploma or GED
- DoD 8140 baseline Level II Certification such as Security+, CySA+, CISSP, or DoD Cyber Workforce Framework Certification
- Experience supporting Cyber Protection Teams (CPTs), Defensive Cyber Operations (DCO), or Air Force cyber missions
- Experience with Elastic, Splunk, Wireshark, or MISP for multi-source data correlation
- Knowledge of malware analysis, reverse engineering, or memory forensics
- Ability to prepare and brief forensic findings to commanders or senior decision-makers
- Bachelor's degree in Digital Forensics, Information Assurance, or Cybersecurity
- GCFA, GCFE, CHFI, or CEH Certifications
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. TS/SCI clearance is required.
Compensation
At Booz Allen, compensation is determined by factors including location, education, experience, and contract-specific requirements. The projected compensation range for this position is $69,400.00 to $ (annualized USD). This posting will close within 90 days from the posting date.
Identity Statement
As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
- If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
- If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.