Intrusion Analyst

Spry Methods, Washington, DC

About The Position

We’re looking for an Intrusion Analyst to conduct intrusion-focused digital forensics across host and network evidence, reconstruct attack activity, and communicate findings that can stand up to investigative and legal scrutiny. This role is part of a digital forensics capability supporting complex cyber and computer intrusion cases. The ideal candidate is a disciplined examiner with strong technical depth, excellent documentation habits, and the ability to explain complex intrusion activity to non-expert audiences.

Requirements

  • U.S. Citizenship required.
  • Active TS clearance with SCI eligibility required.
  • Demonstrated experience with intrusion-focused forensic analysis across host/network artifacts and multiple OS platforms.
  • Strong writing and verbal communication skills; ability to present findings clearly and defend methodologies.

Nice To Haves

  • Experience supporting rapid response investigative operations that may require extended/irregular hours.
  • Experience correlating enterprise telemetry sources (security device logs, captures, cloud logs) to identify persistence, escalation, lateral movement, and exfiltration.

Responsibilities

  • Intrusion-Focused Forensic Analysis: Perform host- and network-based forensic analysis across Windows, Linux, macOS, and mobile platforms. Examine volatile memory, log exports, and pre-acquired datasets; identify IOCs and adversary TTPs; reconstruct timelines and scope.
  • Tool-Driven Investigation & Automation: Use forensic and analysis tooling such as Magnet Axiom, X-Ways, FTK, Volatility, Splunk, ELK Stack, and open-source utilities. Apply scripting/automation (Python, PowerShell, Bash) to accelerate artifact parsing and correlation.
  • Reporting, Testimony Readiness & Quality: Produce thorough documentation of findings and conclusions; communicate clearly for non-expert audiences. Successfully complete a mock examination and defend results in a practical courtroom exercise (Government-run).
  • Operational Support: Support mission needs that may drive irregular hours and location-specific requirements depending on investigative activity.