Lead Cyber Forensics Investigator

Key Responsibilities Lead end-to-end cyber forensic investigations, including intake, triage, scoping, evidence strategy, tasking, analysis coordination, and deliverable development. Define investigative objectives, data sources, timelines, roles, assumptions, and expected outputs for forensic activities. Ensure forensic investigations align with incident response priorities, legal and compliance requirements, organizational risk tolerance, and mission needs. Direct the collection, preservation, processing, and handling of digital evidence from endpoints, servers, cloud services, identity platforms, security tools, network devices, and other relevant sources. Ensure evidence integrity through documented chain‑of‑custody procedures, repeatable acquisition methods, secure storage, and defensible handling practices. Validate forensic acquisition approaches, tool outputs, and evidence handling procedures for completeness, accuracy, and admissibility where applicable. Oversee analysis of host artifacts, file systems, memory, logs, endpoint telemetry, malware indicators, authentication activity, network data, and other forensic evidence. Identify attack vectors, compromise timelines, persistence mechanisms, lateral movement, privilege escalation, data access, exfiltration indicators, and affected assets. Correlate forensic findings with SOC alerts, threat intelligence, SIEM data, EDR telemetry, vulnerability information, and incident response actions. Produce and review high‑quality forensic reports, investigative timelines, evidence summaries, executive summaries, and technical findings. Translate forensic evidence into clear risk, impact, and business language for technical and non‑technical audiences. Develop practical recommendations to support containment, eradication, recovery, control improvements, detection enhancements, and future prevention. Serve as the primary forensic point of contact during cybersecurity incidents, investigations, and follow‑up analysis activities. Brief SOC leadership, program leadership, system owners, legal or compliance stakeholders, and technical teams on forensic status, findings, risks, and next steps. Coordinate with SOC analysts, threat hunters, threat intelligence analysts, engineers, and other responders while maintaining disciplined investigative practices. Lead and mentor forensic analysts and contributors, including assigning tasks, reviewing work products, and supporting professional development. Review evidence, analysis methods, timelines, conclusions, and reports for accuracy, consistency, completeness, and defensibility. Support standardization of forensic playbooks, evidence checklists, reporting templates, workflows, and quality‑control practices. Maintain and improve forensic methodologies, tools, lab procedures, evidence repositories, and analysis workflows. Support lessons learned, after‑action reviews, tabletop exercises, and readiness activities that improve investigative speed and quality. Stay current with evolving attacker tradecraft, forensic artifacts, operating systems, cloud platforms, endpoint technologies, and investigative best practices. Required Skills 7+ years of experience in digital forensics, incident response, cyber investigations, SOC operations, threat analysis, or closely related cybersecurity roles. Proven experience leading formal cyber forensic investigations or incident‑response forensic workstreams. Hands‑on experience collecting, preserving, and analyzing digital evidence from enterprise systems, endpoints, logs, network sources, cloud platforms, or security tools. Strong understanding of forensic methodologies, chain of custody, evidence integrity, incident response lifecycle, and investigative documentation standards. Experience using forensic, EDR, SIEM, log analysis, or investigation tools such as EnCase, FTK, Magnet AXIOM, Autopsy/Sleuth Kit, Volatility, Velociraptor, Splunk, Sentinel, CrowdStrike, Microsoft Defender, or equivalent technologies. Excellent written and verbal communication skills, including the ability to produce defensible technical reports and brief stakeholders on findings and recommendations. Desired Skills Experience leading forensic investigations in regulated, government, critical infrastructure, law enforcement, defense, financial, or healthcare environments. Experience with Windows, Linux, cloud, identity, email, endpoint, memory, malware, and network forensics. Familiarity with cybersecurity frameworks and guidance such as NIST, MITRE ATT&CK, CIS Controls, ISO 27001, or incident response best practices. Certifications such as GCFA, GCFE, GCIH, GNFA, CISSP, CCE, EnCE, CFCE, CHFI, Security+, or equivalent. Experience briefing executives, legal counsel, compliance stakeholders, or senior technical leadership during high‑priority incidents. Experience developing forensic playbooks, training analysts, improving lab procedures, or building forensic readiness programs. ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law. #J-18808-Ljbffr ECS