Senior Forensic Analyst
This position supports a large-scale federal security operations program responsible for protecting enterprise networks, detecting and responding to intrusions, and conducting forensic investigations of suspected compromises. Forensic evaluations on this program are non-repetitive, fixed-duration engagements — each one is unique, consequential, and conducted under legal chain of custody requirements.
The core challenge: conducting rigorous forensic evaluations of federal systems suspected of compromise — independently, under legal and evidentiary standards, with findings that inform both immediate response and broader intelligence community awareness.
As a Senior Forensic Analyst at Revolutional, you conduct forensic evaluations of federal enterprise systems suspected of compromise. You are a senior practitioner operating with a high degree of independence — each engagement is distinct, and you bring the expertise to scope, execute, and deliver findings without a playbook written specifically for the situation in front of you.
You maintain strict chain of custody in accordance with applicable federal and state legal requirements, conduct both host and network analysis to determine the full extent of compromise, and interface directly with the intelligence community to share and receive context that sharpens your findings. You may travel to government sites as required to support on-site forensic collection and analysis.
Responsibilities
- Conduct forensic evaluations of federal enterprise systems, endpoints, and media suspected of compromise; apply rigorous methodology and maintain chain of custody throughout in accordance with applicable federal and state law
- Perform host-based forensic analysis: disk imaging, file system examination, artifact recovery, memory analysis, and timeline reconstruction to determine attacker activity and compromise extent
- Conduct network forensic analysis: packet capture review, NetFlow analysis, log correlation, and lateral movement identification to establish the full scope of intrusion activity
- Produce thorough, legally defensible forensic reports documenting findings, methodology, evidence handling, and recommended response actions
- Interface with the intelligence community to share forensic findings, receive relevant threat context, and ensure investigations are informed by the current intelligence picture
- Support forensic projects as directed by program leadership, including surge support for high-priority or time-sensitive investigations
- Travel to government sites as required to conduct on-site evidence collection, system imaging, and forensic analysis
- Maintain current awareness of adversary TTPs, malware families, and forensic evasion techniques relevant to the federal threat landscape
- Contribute to development and refinement of forensic procedures, evidence handling standards, and investigation methodologies
- Coordinate with incident response, threat intelligence, and SOC teams to ensure forensic findings drive timely and effective response actions
What You Bring (Requirements)
Baseline Requirements
- Bachelor's degree in Computer Science, Digital Forensics, Information Security, or related field (or equivalent experience)
- 7 or more years of hands-on digital forensics experience, including complex investigations of suspected system compromises in federal or law enforcement environments
- Demonstrated experience maintaining chain of custody in accordance with federal and state legal requirements
- Active Top Secret clearance required
- Ability and willingness to travel to government sites as required
Technical & Domain Capabilities
- Expert-level host forensics: disk and memory acquisition, file system analysis, artifact recovery, malware triage, and attack timeline reconstruction across Windows and Linux environments
- Hands-on network forensics: packet capture analysis, NetFlow, proxy and DNS log review, and identification of lateral movement, exfiltration, and command-and-control activity
- Proficiency with industry-standard forensic tools: EnCase, FTK, Autopsy, Volatility, Wireshark, or equivalent
- Experience conducting non-repetitive, fixed-duration forensic evaluations independently with minimal direction
- Established working relationships or experience interfacing with the intelligence community in the context of cybersecurity investigations
- Understanding of attacker TTPs, kill-chain methodology, and MITRE ATT&CK framework as applied to forensic investigations
- Experience producing forensic reports that meet legal and evidentiary standards for federal proceedings
Core Strengths
- Technically expert and analytically independent — you scope and execute complex forensic investigations without needing the situation pre-defined for you
- Legally disciplined: chain of custody, evidence integrity, and documentation rigor are non-negotiable to you
- Credible intelligence community partner — you share findings with precision and incorporate external context effectively
- Composed under operational pressure; fixed-duration engagements with real consequences don't rattle your methodology or your output quality
Certifications
One or more of the following is strongly preferred:
- GCFE or GCFA (GIAC Forensics), EnCE (EnCase Certified Examiner), CFCE (Certified Forensic Computer Examiner), GCIH, or CISSP
Nice to Have (Differentiators)
- GREM (GIAC Reverse Engineering Malware) or equivalent malware analysis credential
- Experience conducting forensic investigations at the TS/SCI level or within classified network environments
- Active TS/SCI clearance
- Prior direct experience working with or embedded in an intelligence community organization
- Background in mobile device forensics, cloud forensics, or industrial control system (ICS) forensics
- Experience supporting law enforcement actions or legal proceedings with forensic evidence and expert testimony
Senior Forensic Analyst
This position supports a large-scale federal security operations program responsible for protecting enterprise networks, detecting and responding to intrusions, and conducting forensic investigations of suspected compromises. Forensic evaluations on this program are non-repetitive, fixed-duration engagements — each one is unique, consequential, and conducted under legal chain of custody requirements.
The core challenge: conducting rigorous forensic evaluations of federal systems suspected of compromise — independently, under legal and evidentiary standards, with findings that inform both immediate response and broader intelligence community awareness.
As a Senior Forensic Analyst at Revolutional, you conduct forensic evaluations of federal enterprise systems suspected of compromise. You are a senior practitioner operating with a high degree of independence — each engagement is distinct, and you bring the expertise to scope, execute, and deliver findings without a playbook written specifically for the situation in front of you.
You maintain strict chain of custody in accordance with applicable federal and state legal requirements, conduct both host and network analysis to determine the full extent of compromise, and interface directly with the intelligence community to share and receive context that sharpens your findings. You may travel to government sites as required to support on-site forensic collection and analysis.
Responsibilities
- Conduct forensic evaluations of federal enterprise systems, endpoints, and media suspected of compromise; apply rigorous methodology and maintain chain of custody throughout in accordance with applicable federal and state law
- Perform host-based forensic analysis: disk imaging, file system examination, artifact recovery, memory analysis, and timeline reconstruction to determine attacker activity and compromise extent
- Conduct network forensic analysis: packet capture review, NetFlow analysis, log correlation, and lateral movement identification to establish the full scope of intrusion activity
- Produce thorough, legally defensible forensic reports documenting findings, methodology, evidence handling, and recommended response actions
- Interface with the intelligence community to share forensic findings, receive relevant threat context, and ensure investigations are informed by the current intelligence picture
- Support forensic projects as directed by program leadership, including surge support for high-priority or time-sensitive investigations
- Travel to government sites as required to conduct on-site evidence collection, system imaging, and forensic analysis
- Maintain current awareness of adversary TTPs, malware families, and forensic evasion techniques relevant to the federal threat landscape
- Contribute to development and refinement of forensic procedures, evidence handling standards, and investigation methodologies
- Coordinate with incident response, threat intelligence, and SOC teams to ensure forensic findings drive timely and effective response actions
What You Bring (Requirements)
Baseline Requirements
- Bachelor's degree in Computer Science, Digital Forensics, Information Security, or related field (or equivalent experience)
- 7 or more years of hands-on digital forensics experience, including complex investigations of suspected system compromises in federal or law enforcement environments
- Demonstrated experience maintaining chain of custody in accordance with federal and state legal requirements
- Active Top Secret clearance required
- Ability and willingness to travel to government sites as required
Technical & Domain Capabilities
- Expert-level host forensics: disk and memory acquisition, file system analysis, artifact recovery, malware triage, and attack timeline reconstruction across Windows and Linux environments
- Hands-on network forensics: packet capture analysis, NetFlow, proxy and DNS log review, and identification of lateral movement, exfiltration, and command-and-control activity
- Proficiency with industry-standard forensic tools: EnCase, FTK, Autopsy, Volatility, Wireshark, or equivalent
- Experience conducting non-repetitive, fixed-duration forensic evaluations independently with minimal direction
- Established working relationships or experience interfacing with the intelligence community in the context of cybersecurity investigations
- Understanding of attacker TTPs, kill-chain methodology, and MITRE ATT&CK framework as applied to forensic investigations
- Experience producing forensic reports that meet legal and evidentiary standards for federal proceedings
Core Strengths
- Technically expert and analytically independent — you scope and execute complex forensic investigations without needing the situation pre-defined for you
- Legally disciplined: chain of custody, evidence integrity, and documentation rigor are non-negotiable to you
- Credible intelligence community partner — you share findings with precision and incorporate external context effectively
- Composed under operational pressure; fixed-duration engagements with real consequences don't rattle your methodology or your output quality
Certifications
One or more of the following is strongly preferred:
- GCFE or GCFA (GIAC Forensics), EnCE (EnCase Certified Examiner), CFCE (Certified Forensic Computer Examiner), GCIH, or CISSP
Nice to Have (Differentiators)
- GREM (GIAC Reverse Engineering Malware) or equivalent malware analysis credential
- Experience conducting forensic investigations at the TS/SCI level or within classified network environments
- Active TS/SCI clearance
- Prior direct experience working with or embedded in an intelligence community organization
- Background in mobile device forensics, cloud forensics, or industrial control system (ICS) forensics
- Experience supporting law enforcement actions or legal proceedings with forensic evidence and expert testimony
Government Careers
Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
MORE JOBS
-
SECURITY GUARD - FULL-TIME NIGHT SHIFT (24866)
- Paramus, New Jersey
- Bergen New Bridge Medical Center
- Jul 16, 2026
-
Customs and Border Protection Officer (Entry Level - up to $9k Recruitment Incentives)
- Visalia, California
- U.S. Customs and Border Protection
- Jul 16, 2026
-
Security Officer Badge Screening
- Boston, Massachusetts
- Allied Universal
- Jul 16, 2026
-
Evening Armed Guard (PT)
- Columbus, Georgia
- Excelsior Defense
- Jul 16, 2026
-
Event Security Officer (Part-Time)
- Cleveland, Ohio
- TeamWork Online
- Jul 16, 2026
-
Armed Security Guard Union - part-time - Clearwater - Ahtna Professional Services
- Clearwater, Florida
- Ahtna Professional Services
- Jul 16, 2026