Lead Cyber Defense Forensics Analyst
Revolutional, LLC
Job Description
Job Description
Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.
We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.
Lead Cyber Defense Forensics AnalystLocation: Onsite – Government-controlled secure facility
Terms: Full-time
Clearance: Active Top Secret/SCI required
Travel: 0-10%
Project DescriptionThis position serves as the senior forensic practitioner on a federal enterprise cybersecurity program operating within government-controlled secure facilities. The forensics function supports the full cyber defense mission — conducting complex digital forensic investigations, driving incident response analysis, and contributing to threat hunt operations at the classified level. This is a hands-on technical lead role, not an organizational management position.
The core challenge: leading forensic investigations of the highest technical complexity within a classified environment — setting the analytic standard, producing legally defensible findings, and ensuring that forensic work directly informs and accelerates the program's incident response and threat hunt capabilities.
Position DescriptionAs Lead Cyber Defense Forensics Analyst at Revolutional, you are the program's most senior forensic practitioner. You own the most complex investigations, set the technical standard for forensic methodology, and serve as the subject matter authority on computer forensics, network analysis, and evidentiary handling across the cyber defense mission. You work alongside — not above — the SOC Chief, contributing deep technical expertise where it matters most: inside the investigation.
You bring 5 to 7 years of hands-on experience across digital forensics, incident response, and threat hunting, and you operate in full alignment with the NICE Cybersecurity Workforce Framework Cyber Defense Forensics Analyst role (IN-FOR-002). Your core competencies span Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis — and you apply all of them under classified conditions, within government-controlled secure facilities, every day.
Responsibilities- Lead digital forensic investigations of the highest technical complexity; conduct end-to-end analysis from evidence acquisition through findings documentation within classified, government-controlled secure facilities
- Perform host-based forensic analysis: disk and memory acquisition, file system examination, artifact recovery, malware triage, and attack timeline reconstruction across Windows and Linux environments
- Conduct network forensic analysis: packet capture review, NetFlow correlation, log analysis, and identification of lateral movement, exfiltration, and command-and-control activity
- Maintain strict chain of custody for all evidence collected and handled; ensure all forensic work meets applicable federal legal and evidentiary standards
- Provide direct analytical support to incident response operations; contribute forensic findings that drive containment, eradication, and recovery decisions in real time
- Support threat hunt activities with forensic analysis: investigate hunt leads, validate hypotheses, and extract IOCs that feed detection improvements
- Apply Software Testing and Evaluation methodology to validate forensic tools and assess new capabilities before operational deployment
- Apply system administration knowledge across Windows and Linux environments to scope investigations, interpret artifacts, and assess attacker activity accurately
- Apply Threat Analysis tradecraft to map forensic findings to adversary TTPs using MITRE ATT&CK and other structured frameworks
- Produce thorough, legally defensible forensic reports documenting methodology, findings, evidence handling, and recommended response actions
- Maintain current awareness of adversary tradecraft, malware families, forensic evasion techniques, and emerging investigation methodologies
- Ensure compliance with NICE Cybersecurity Workforce Framework IN-FOR-002 role definition and associated role-based training requirements
- Bachelor's degree in Computer Science, Digital Forensics, Information Security, or related field (or equivalent experience)
- 5 to 7 years of hands-on experience in digital forensics, incident response, and threat hunting, with demonstrated lead-level technical proficiency
- Active Top Secret/SCI clearance (Final) required
- Must work onsite within a government-controlled secure facility
- Expert-level Computer Forensics: disk and memory acquisition, file system and artifact analysis, malware triage, timeline reconstruction, and chain of custody management to legal and evidentiary standards
- Core competency in Computer Network Defense: intrusion detection, alert triage, network traffic analysis, and defensive posture assessment applied to forensic investigation scoping and findings
- Experience with Software Testing and Evaluation applied to forensic tool validation, capability testing, and pre-deployment assessment of new investigation technologies
- Working knowledge of System Administration across Windows and Linux environments sufficient to accurately scope investigations, interpret system artifacts, and reconstruct attacker activity
- Core competency in Threat Analysis: MITRE ATT&CK-based TTP mapping, threat actor profiling, and structured analytic frameworks applied to forensic findings
- Proficiency with industry-standard forensic tools: EnCase, FTK, Autopsy, Volatility, Wireshark, or equivalent
- Experience operating within the NICE Cybersecurity Workforce Framework IN-FOR-002 role definition; current on applicable role-based training requirements
- Technically elite forensic practitioner — your investigations are thorough, your methodology is sound, and your findings hold up under legal and operational scrutiny
- Analytically independent: you take complex, ambiguous investigations and drive them to conclusion without needing the situation pre-defined
- Rigorous in classified environments — chain of custody, access controls, and handling requirements are instinctive, not procedural
- Effective technical contributor to incident response and threat hunt teams; your forensic findings accelerate the broader mission, not just your own workstream
One or more of the following is required or strongly preferred:
- GCFA (GIAC Certified Forensic Analyst), GCFE (GIAC Certified Forensic Examiner), EnCE (EnCase Certified Examiner), CFCE (Certified Forensic Computer Examiner), or GCIH (GIAC Certified Incident Handler)
- Role-based training required per NICE Cybersecurity Workforce Framework IN-FOR-002 — must be current or completed within required timeframes
- GREM (GIAC Reverse Engineering Malware) or equivalent advanced malware analysis credential
- GNFA (GIAC Network Forensic Analyst) for candidates with deep network forensics depth
- Experience conducting forensic investigations at TS/SCI level within SCIFs or other government-controlled secure facilities
- Background in mobile device forensics, cloud forensics, or memory forensics at advanced levels
- Experience supporting legal proceedings or law enforcement actions with forensic evidence and findings documentation
- Familiarity with emerging forensic evasion techniques and anti-forensics tradecraft used by advanced threat actors
#DICE #LinkedIn
___________________________________________________________________________________________________________
Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of Department of Labor's HireVets Gold Medallion
- Great Place to Work Certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest growing companies for eleven years
- Two-time SBA SBIR Tibbett's Award winner
- Virginia Values Veterans (V3) Certification
We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to
- Traditional and HSA- eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible-schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation-- and so much more!
Check out our Revolutional | LinkedIn to find out a little more about who we are and if we are the right next step for your career!
Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact View email address on ziprecruiter.com.
- Tyto Athene, LLC in Washington is searching for a Tier 3 Digital Forensics and Incident Response Analyst. In this role, you will lead cross-functional teams in analyzing major cybersecurity incidents and serve as the primary contact for escalation issues. The ideal candidate...Cyber
$131.3k - $237.35k
Leidos is seeking a Senior Incident Response Analyst in Bethesda, Maryland to support the DHS CISA Program. The role involves coordinating incident investigations, analyzing cyber incidents, and developing response procedures. A bachelor's degree in Computer Science or...Cyber$138k - $209k
...Information Sciences) is seeking a qualified Security Architect to lead incident response activities and manage cybersecurity threats... ...years in incident response and extensive knowledge of digital forensics and malware analysis. Competitive salary range is $138,000-$209...Cyber- ...company supporting national defense, federal civilian agencies, and... ...a Data Gathering Support Analyst to join our growing team in support... ..., MD. Responsibilities Cyber Security Solutions Data Gathering... ...EnCase, FTK, AXIOM or other forensic tools 3 years of experience with...CyberWork at officeFlexible hours2 days per week
- ...recognized members of the Cyber Elite, we work together... ...a Cybersecurity Lead to serve as the primary... ...incident response and forensic analysis. Ability to... ...supporting Tier 2 and Tier 3 analysts during incident... ...Tenable Nessus (ACAS) and Defense Information Systems Agency...CyberContract workFor contractorsWork at office
- ...Resilience team is looking to hire an Incident / Crisis Management Lead to help drive the continuous enhancement of the crisis event... ...response to major disruption events (e.g., global technology outages, cyber-attacks, geopolitical issues etc). Coordinate cross-...CyberTemporary workLocal areaVisa sponsorshipWork visaFlexible hours
- ...Accenture is seeking a hands-on technical leader for its Cyber Investigation and Forensic Response practice in Arlington, Virginia. This role involves conducting complex forensic analyses, leading incident response efforts, and mentoring junior investigators. The ideal...Cyber
- Security Operations Center, Analyst- Costa Rica As a SOC Analyst, you will play a pivotal... ...Responsibilities: Cybersecurity Operations: Lead and manage cybersecurity operations... ...understanding of industry trends, emerging cyber threats, and new solutions that may impact...CyberPermanent employmentFull timeContract workFor contractorsInterim roleImmediate startRelocation
$127.5k - $236.5k
A defense technology company is seeking a Lead, Cyber Intelligence in Washington, DC to perform cybersecurity analysis and ISSO duties. The successful candidate will have extensive experience with AWS and be involved in security assessments, managing security controls,...CyberFlexible hours$75k - $95k
...cutting-edge research and technology in the cyber arena, CPMG focuses on using business... ...integrative solutions for Department of Defense (DoD) contractors, among others, and specializes... ...We are seeking an entry‑level Consultant/Analyst 1 to support the United States Coast...CyberContract workFor contractorsWork at officeFlexible hours$85k - $110k
...cutting-edge research and technology in the cyber arena, CPMG focuses on using business... ...integrative solutions for Department of Defense (DoD) contractors, among others, and specializes... ...and detail-oriented Junior Consultant/Analyst to support the United States Coast Guard...CyberContract workFor contractorsWork at officeFlexible hours$87k - $93k
...cutting‑edge research and technology in the cyber arena, CPMG focuses on using business... ...integrative solutions for Department of Defense (DoD) contractors, among others, and specializes... ...support services. Summary The Management Analyst acts as liaison to other managers and...CyberFor contractorsWork at officeFlexible hours- ...(CSA) is currently seeking an Analyst I to support onsite in the Arlington... ...support services to meet the defense and federal sector's most... ...applicable directives. Support cyber and compliance activities,... ...Collaborate with government leads, program management, and subcontractor...CyberFull timeContract workFor subcontractorWork at officeRemote work
- ...Policy Role This is a senior individual contributor policy role leading OpenAI's engagement with state and major metropolitan homeland... ...both the risks and beneficial uses of advanced AI, including cyber defense, critical infrastructure resilience, election security,...CyberLocal area
$100k - $120k
SkyePoint Decisions, Inc. is seeking a Mobile Threat Analyst in Arlington, VA, to support the Diplomatic Security Cyber Mission. The role involves conducting forensic examinations of mobile devices and analyzing malicious behavior within applications. Candidates should...CyberFlexible hours- Kratos Defense invites applications for an Engineering Team Lead to spearhead the design, development, integration, and testing of Satellite Ground Systems. The... ...drive programs across a global customer base, contributing to #J-18808-Ljbffr Kratos Space Training & CyberCyberWorldwide
$140k - $160k
...About Bridge Defense. Bridge Defense is redefining how modern defense technology is delivered... ..., scientific analysis, cutting-edge cyber defense, and intelligence analysis. We... ...mission. Summary: As a Business Analyst, you will play a critical role in the development...CyberRelocationFlexible hours- ...front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. They are seeking Host Forensics Analysts to support this critical customer... ...Responsibilities Assist Federal leads with overseeing and leading forensic...CyberContract workFor contractorsImmediate startRemote work
- Node.Digital is looking for a Host Forensic Analyst in Arlington, VA to support critical customer missions with extensive responsibilities... ...code. The ideal candidate will have 5+ years of experience in cyber forensic investigations, must hold a Top Secret Clearance, and...Cyber
- A Service-Disabled Veteran-Owned Company in Washington seeks a Program Analyst to support the Defense Intelligence Agency. This role involves managing and analyzing application portfolios, tracking lifecycle statuses, and ensuring alignment with strategic goals. The ideal...Flexible hours
$52k - $62.4k
...Our Mission: At Dobbs Defense, we deliver mission-centric IT, Cyber, and data analytics solutions for our government and commercial clients through the convergence... ...an experienced and detail-oriented Technical Business Analyst to support a large-scale digital modernization and CMS...CyberLocal area- Description Senior Data Analyst Req ID 003-25 v1.0 HazeGrayCyber, LLC is focused on delivering Cyber Security and Zero Trust Solutions to the US National Defense community and our allies and partners. This position will provide Information and Task Management Support to...CyberFor contractorsOverseas
- ...founder-owned technology and services integrators in the defense and government services industry. We deliver... ...award ***** Overview SOSi is seeking a Security Analyst – Forensics/Malware Analysis to support cyber defense and incident response activities in alignment...CyberFull timeContract workWork at officeWorldwideMonday to FridayWeekend workAfternoon shift
$147k - $200k
...Role The SAAM Group is seeking a Lead Program Manager with an engineering background to... ...projects larger than $5M for the Department of Defense Risk and Opportunity Management... ...intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications...CyberFull timeContract workFor subcontractorWork at officeLocal areaNight shift- ...support services across the Department of Defense, Federal Civilian, and international... ...a future need for an Operations Research Analyst to assist with systems engineering (SE) and... ...acquisition programs, especially in Reliability, Cyber Resilience, AI, and Human Systems...CyberTemporary workWork at office
- EY is seeking a Cyber Triage and Forensics (CTF) Analyst to monitor, detect, and respond to security events as part of EY Information Security. You will... ..., and collaboration across teams to strengthen cyber defense. The role emphasizes log analysis, threat identification...Cyber
$150k - $170k
Vannevar is a defense technology company building AI to deter our adversaries... .... About The Role Mission Leads are customer‑facing owners of... ...should have experience in the Cyber community. U.S. Persons status... ...relationships with operators, analysts, planners, technical teams,...CyberRemote workHome office- Evolver Federal is seeking a Lead Cyber Threat Analyst to fulfil a requirement for a potential government client. The Lead Cyber Threat Analyst... .... Oversee malware analysis, reverse engineering, and forensic investigations for complex incidents. Integrate threat intelligence...CyberFlexible hours
$86k - $126k
# Compliance AnalystARGO Cyber SystemsContractmidArlington, Virginia... ...a mid-level Compliance Analyst. This is a contract role in Arlington... ...incident response, advanced forensics, and coordinated recovery... ...forefront of national cyber defense-protecting civilian agencies...CyberContract workFor contractors$132.5k - $338.3k
We Are: Accenture Security is one of the fastest growing areas of our business, and our global Cyber Investigation and Forensic Response (CIFR) practice is at the heart of how we help clients prepare for, respond to, and recover from the most consequential cyber incidents...CyberWork experience placementLive inWork at officeLocal area
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Lead Cyber Defense Forensics Analyst. Be the first to apply!

