Cyber Defense Forensics Lead - Clearance Required

Overview:

Cydecor is a premier Federal Government solutions provider, delivering differentiated innovations in mission systems and business platforms. We leverage leading-edge secure systems and software development, backed by industry-leading subject matter expertise, and business intelligence to enable decision-support and remain ahead of ever-evolving national security challenges. Our success rests squarely on three bedrock principles: People, our center of gravity; Mission, what inspires us; and an unyielding commitment to Excellence, what separates us.

Job Description:

We are seeking an experienced Cyber Defense Forensics Lead to lead enterprise digital forensics and investigative operations within a 24/7 SOC environment, providing technical expertise, operational oversight, and strategic direction across cyber defense, incident response, and insider threat investigations.

Responsibilities include:

• Lead digital forensics investigations across enterprise environments, ensuring accurate analysis and timely incident containment
• Conduct host-based and network-based forensic analysis to identify malicious activity, root cause, and scope of compromise
• Perform malware triage and analysis to support incident response and threat mitigation efforts
• Lead insider threat investigations, including detection, analysis, and escalation of suspicious or malicious user activity
• Ensure strict adherence to evidence handling procedures, including chain-of-custody requirements and forensic integrity standards
• Collect, preserve, analyze, and document digital evidence in support of investigative and legal processes
• Develop and maintain forensic workflows, investigative methodologies, and standard operating procedures
• Create dashboards, reports, and visualizations to support forensic investigations and SOC visibility
• Analyze anomalous system and user behavior to identify potential insider threats or advanced adversary activity
• Utilize forensic tools, SIEM platforms, endpoint detection and response (EDR), and intrusion detection systems (IDS) to support investigations
• Support incident response teams by providing forensic expertise during active security incidents
• Correlate forensic findings with threat intelligence to enhance detection and response capabilities
• Provide mentorship and technical guidance to junior analysts and investigators
• Coordinate with cross-functional teams including threat intelligence, incident response, and SOC operations
• Ensure compliance with federal cybersecurity standards, policies, and investigative requirements
• Support reporting and escalation of security incidents to appropriate stakeholders and leadership

Here's what you need (Required Qualifications):

• Bachelor's degree
• Minimum of 7 years of experience in cybersecurity, digital forensics, or incident response
• Minimum of 5 years of hands-on experience conducting host-based and network-based security monitoring and forensic analysis
• Strong experience identifying and analyzing anomalous activity, insider threats, and advanced cyber threat behaviors
• Hands-on experience with forensic tools, SIEM platforms, EDR solutions, IDS/IPS, and security operations workflows
• Experience supporting incident response efforts, including threat containment, eradication, and recovery
• Strong understanding of evidence handling, chain-of-custody procedures, and forensic investigation best practices
• Experience developing forensic reports, dashboards, and workflow documentation
• Ability to analyze large data sets and correlate findings across multiple sources
• Strong understanding of cybersecurity principles, threats, and attack methodologies
• Experience handling sensitive or classified information in accordance with federal security standards

Bonus Points If You Have (Desired Qualifications):

• GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Certified Incident Handler (GCIH), or an equivalent certification
• Experience supporting insider threat programs or user activity monitoring (UAM) initiatives
• Experience working in a 24/7 SOC or federal cybersecurity operations environment
• Familiarity with threat intelligence integration and adversary TTP analysis
• Experience building or enhancing forensic capabilities within enterprise environments
• Experience mentoring analysts in cyber forensics and investigative techniques

Security Clearance:

• Active TS/SCI (or TS with SCI eligibility)

Education:

• Bachelor's degree

Work Schedule:

• Monday-Friday, Hybrid

Compensation and Benefits:

Cydecor offers a comprehensive compensation package including Health and Dental Insurance, Vision and Life Insurance, Short-Term & Long-Term Disability, 401(K) + company match, Paid Time Off (PTO), Paid Company Holidays, Tuition and Professional Development Assistance and more.

What We Believe:

We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Cydecor has the responsibility to create and sustain an inclusive environment.

Tags: Digital Forensics, Cybersecurity, Incident Response, SOC, Insider Threat, Threat Detection, Malware Analysis, SIEM, EDR, IDS, Intrusion Detection, Network Forensics, Host-Based Forensics, Chain of Custody, Evidence Handling, Cyber Defense, Threat Analysis, Security Operations Center, Splunk, Log Analysis, Endpoint Security, Threat Hunting, Advanced Persistent Threats (APT), Federal Government, Cleared Jobs, TS/SCI Clearance, Cyber Investigations, Security Analytics, DFIR (Digital Forensics and Incident Response), MITRE ATT&CK

Equal Employment Opportunity Statement

Cydecor is an Equal Employment Opportunity/Affirmative Action Employer (EEO/AA). All employment and hiring decisions are based on qualifications, merit, and business needs without regard to race, religion, color, sexual orientation, nationality, gender, ethnic origin, disability, age, sex, gender identity & expression, veteran status, marital status, or any other characteristic protected by applicable law.

If you are a qualified individual with a disability and/or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site because of your disability. You can request assistance by contacting View email address on click.appcast.io or calling View phone number on click.appcast.io.