Access Control, Affirmative Action, Analysis Skills, Artificial Intelligence (AI), Autopsy, Chain of Custody, Cloud Computing, Computer Forensics, Computer Network Defense (CND), Computer Science, Documentation, EnCase, Establish Priorities, Federal Government, File Systems, Forensic Science, GCFA - GIAC Certified Forensic Analyst, GCIH - GIAC Certified Incident Handler, GIAC - Global Information Assurance Certification, Government, Health Insurance, Hunting, Incident Response, Industry Standards, Information/Data Security (InfoSec), Internet Security, Intrusion Detection Systems, Legal, Legal Standards, Linux Operating System, Maintain Compliance, Malware, Malware Analysis, Memory Hardware, Microsoft Windows Operating System, Microsoft Windows System Administration, Mobile Devices, Netflow, Network Performance/Analysis, Network Traffic Analysis, Operational Measurement, Operations Security (OPSEC), Organizational Development/Management, Quality Assurance Methodology, Security Analysis, Sensitive Compartmented Information (SCI), Sensitive Compartmented Information Facility (SCIF), Small Business, Software Evaluation, Software Testing, Systems Administration/Management, Systems Analysis, Technical Delivery, Technical Leadership, Technology Analysis, Top Secret Clearance, Validation Testing, Wireshark (Ethereal)
Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.
We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.
Lead Cyber Defense Forensics Analyst
Location: Onsite – Government-controlled secure facility
Terms: Full-time
Clearance: Active Top Secret/SCI required
Travel: 0-10%
Project Description
This position serves as the senior forensic practitioner on a federal enterprise cybersecurity program operating within government-controlled secure facilities. The forensics function supports the full cyber defense mission — conducting complex digital forensic investigations, driving incident response analysis, and contributing to threat hunt operations at the classified level. This is a hands-on technical lead role, not an organizational management position.
The core challenge: leading forensic investigations of the highest technical complexity within a classified environment — setting the analytic standard, producing legally defensible findings, and ensuring that forensic work directly informs and accelerates the program's incident response and threat hunt capabilities.
Position Description
As Lead Cyber Defense Forensics Analyst at Revolutional, you are the program's most senior forensic practitioner. You own the most complex investigations, set the technical standard for forensic methodology, and serve as the subject matter authority on computer forensics, network analysis, and evidentiary handling across the cyber defense mission. You work alongside — not above — the SOC Chief, contributing deep technical expertise where it matters most: inside the investigation.
You bring 5 to 7 years of hands-on experience across digital forensics, incident response, and threat hunting, and you operate in full alignment with the NICE Cybersecurity Workforce Framework Cyber Defense Forensics Analyst role (IN-FOR-002). Your core competencies span Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis — and you apply all of them under classified conditions, within government-controlled secure facilities, every day.
Responsibilities
- Lead digital forensic investigations of the highest technical complexity; conduct end-to-end analysis from evidence acquisition through findings documentation within classified, government-controlled secure facilities
- Perform host-based forensic analysis: disk and memory acquisition, file system examination, artifact recovery, malware triage, and attack timeline reconstruction across Windows and Linux environments
- Conduct network forensic analysis: packet capture review, NetFlow correlation, log analysis, and identification of lateral movement, exfiltration, and command-and-control activity
- Maintain strict chain of custody for all evidence collected and handled; ensure all forensic work meets applicable federal legal and evidentiary standards
- Provide direct analytical support to incident response operations; contribute forensic findings that drive containment, eradication, and recovery decisions in real time
- Support threat hunt activities with forensic analysis: investigate hunt leads, validate hypotheses, and extract IOCs that feed detection improvements
- Apply Software Testing and Evaluation methodology to validate forensic tools and assess new capabilities before operational deployment
- Apply system administration knowledge across Windows and Linux environments to scope investigations, interpret artifacts, and assess attacker activity accurately
- Apply Threat Analysis tradecraft to map forensic findings to adversary TTPs using MITRE ATT&CK and other structured frameworks
- Produce thorough, legally defensible forensic reports documenting methodology, findings, evidence handling, and recommended response actions
- Maintain current awareness of adversary tradecraft, malware families, forensic evasion techniques, and emerging investigation methodologies
- Ensure compliance with NICE Cybersecurity Workforce Framework IN-FOR-002 role definition and associated role-based training requirements
What You Bring (Requirements)
Baseline Requirements
- Bachelor's degree in Computer Science, Digital Forensics, Information Security, or related field (or equivalent experience)
- 5 to 7 years of hands-on experience in digital forensics, incident response, and threat hunting, with demonstrated lead-level technical proficiency
- Active Top Secret/SCI clearance (Final) required
- Must work onsite within a government-controlled secure facility
Technical & Domain Capabilities
- Expert-level Computer Forensics: disk and memory acquisition, file system and artifact analysis, malware triage, timeline reconstruction, and chain of custody management to legal and evidentiary standards
- Core competency in Computer Network Defense: intrusion detection, alert triage, network traffic analysis, and defensive posture assessment applied to forensic investigation scoping and findings
- Experience with Software Testing and Evaluation applied to forensic tool validation, capability testing, and pre-deployment assessment of new investigation technologies
- Working knowledge of System Administration across Windows and Linux environments sufficient to accurately scope investigations, interpret system artifacts, and reconstruct attacker activity
- Core competency in Threat Analysis: MITRE ATT&CK-based TTP mapping, threat actor profiling, and structured analytic frameworks applied to forensic findings
- Proficiency with industry-standard forensic tools: EnCase, FTK, Autopsy, Volatility, Wireshark, or equivalent
- Experience operating within the NICE Cybersecurity Workforce Framework IN-FOR-002 role definition; current on applicable role-based training requirements
Core Strengths
- Technically elite forensic practitioner — your investigations are thorough, your methodology is sound, and your findings hold up under legal and operational scrutiny
- Analytically independent: you take complex, ambiguous investigations and drive them to conclusion without needing the situation pre-defined
- Rigorous in classified environments — chain of custody, access controls, and handling requirements are instinctive, not procedural
- Effective technical contributor to incident response and threat hunt teams; your forensic findings accelerate the broader mission, not just your own workstream
Certifications
One or more of the following is required or strongly preferred:
- GCFA (GIAC Certified Forensic Analyst), GCFE (GIAC Certified Forensic Examiner), EnCE (EnCase Certified Examiner), CFCE (Certified Forensic Computer Examiner), or GCIH (GIAC Certified Incident Handler)
- Role-based training required per NICE Cybersecurity Workforce Framework IN-FOR-002 — must be current or completed within required timeframes
Nice to Have (Differentiators)
- GREM (GIAC Reverse Engineering Malware) or equivalent advanced malware analysis credential
- GNFA (GIAC Network Forensic Analyst) for candidates with deep network forensics depth
- Experience conducting forensic investigations at TS/SCI level within SCIFs or other government-controlled secure facilities
- Background in mobile device forensics, cloud forensics, or memory forensics at advanced levels
- Experience supporting legal proceedings or law enforcement actions with forensic evidence and findings documentation
- Familiarity with emerging forensic evasion techniques and anti-forensics tradecraft used by advanced threat actors
#DICE #LinkedIn
___________________________________________________________________________________________________________
Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of Department of Labor's HireVets Gold Medallion
- Great Place to Work Certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest growing companies for eleven years
- Two-time SBA SBIR Tibbett's Award winner
- Virginia Values Veterans (V3) Certification
We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to
- Traditional and HSA- eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible-schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation-- and so much more!
Check out our Revolutional | LinkedIn to find out a little more about who we are and if we are the right next step for your career!
Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact HR@harmonia.com
.