Host Based Cyber Systems Analyst III

Host-Based Systems Analyst III (HBA03) - Full Performance

Location: Onsite / Remote (as required for mission)
Clearance: Active TS/SCI with DHS EOD eligibility
Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)
About Argo Cyber Systems

Argo Cyber Systems supports the Department of Homeland Security (DHS) Hunt and Incident Response Team (HIRT) in protecting the Nation's cyber and communications infrastructure. Our mission-driven analysts provide rapid onsite and remote response, advanced forensics, and proactive threat-hunting capabilities across federal civilian networks and high-value assets.

As part of the HIRT mission, Argo personnel deliver advanced technical assistance, incident containment, and forensic expertise to mitigate intrusions, restore operations, and strengthen national cyber resilience.
Position Overview

Argo Cyber Systems is seeking an experienced Host-Based Systems Analyst III (HBA03) to support DHS HIRT's national incident response and digital forensics operations. The successful candidate will lead and execute host-level forensic analysis, malware triage, and investigative reporting in response to advanced cyber threats targeting critical government systems.

This role combines hands-on technical expertise with mission-critical communication and coordination responsibilities - directly supporting DHS leadership and federal stakeholders during high-impact incidents.
Key Responsibilities

• Lead and coordinate forensic investigations in support of incident response engagements and post-compromise assessments.
• Plan, direct, and execute the collection, examination, and analysis of host-based evidence across multiple operating systems and environments.
• Acquire, preserve, and analyze digital artifacts (malware, volatile memory, registry data, user activity, logs, and executables) to support attribution and root-cause analysis.
• Perform forensic triage to determine incident scope, urgency, and potential impact on enterprise operations.
• Correlate host-level findings with network telemetry to reconstruct intrusion narratives and identify persistence or lateral movement.
• Evaluate and dissect malicious code and executable behavior to identify tactics, techniques, and procedures (TTPs).
• Maintain strict chain of custody and documentation standards to ensure evidence integrity.
• Distill technical analysis into clear, actionable reports and executive summaries suitable for senior leadership and interagency partners.
• Serve as a technical liaison to government stakeholders, explaining forensic methodologies, tools, and findings in both technical and operational terms.
• Support the development of Computer Network Defense (CND) guidance , playbooks, and after-action reports based on investigative outcomes.

Required Qualifications

• U.S. Citizenship (required)
• Active TS/SCI clearance (required)
• Ability to obtain DHS Entry on Duty (EOD) Suitability
• 5+ years of hands-on experience conducting host-based or digital forensic investigations
• Expertise in forensically sound data acquisition , duplication, and preservation
• Proficiency in analyzing, categorizing, and reporting cyber attacks and system compromises
• Strong knowledge of evidence handling procedures , documentation, and chain-of-custody standards
• Familiarity with attack lifecycle phases and common adversary techniques
• Comprehensive understanding of system and application security threats, vulnerabilities, and mitigation strategies
• Experience performing host triage, live response, and volatile memory analysis
• Proficiency with Windows, Linux/Unix , and related file systems
• Demonstrated ability to collaborate across distributed teams in time-sensitive operational environments

Desired Qualifications

• Proficiency with two or more of the following forensic and analysis tools:
  
  • EnCase, FTK, X-Ways, SIFT, Volatility, Sleuth Kit/Autopsy
  • Wireshark, Splunk, Snort, or EDR tools (CrowdStrike, Carbon Black, SentinelOne)
• Experience conducting malware reverse-engineering and all-source research
• Understanding of threat actor TTPs and advanced intrusion methodologies
• Strong communication skills for technical briefings and interagency coordination

Education

• Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field
  or
• High School Diploma with 7-9 years of host or digital forensics experience

Preferred Certifications

• GCFA , GCFE , GCIH , EnCE , CCE , CFCE , CISSP , or equivalent

Why Join Argo Cyber Systems

Argo Cyber Systems empowers federal partners to outpace and outmaneuver adversaries through precision forensics, agile response, and mission-first cybersecurity operations. As part of the DHS HIRT mission, you will be on the front lines of national cyber defense-supporting the investigation, containment, and recovery of the nation's most critical systems.