Cyber Forensics Analyst

Propertyvalue Electronic Consulting Services, Inc (ecs Federal
Portland, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Portland, United States of America

Tech stack

Java
Microsoft Windows
Computer Security
Computer Forensics
Data Centers
Linux
Digital Forensics
File Systems
Forensics Tools (Digital Forensics Software)
X86 Assembly Languages
Windows Server
OllyDBg
Open Source Technology
Reverse Engineering
Wireshark
Forensic Toolkit
Malware
OpenText
IDA Pro
Encase

Job description

ECS is seeking a Cyber Forensics Analyst to work in our Portland, OR office. Please Note: This position is contingent upon contract award.

The Forensics Analyst Mid performs hands-on forensic analysis and malware investigation activities in support of SOC security investigations, incident response, routine memory checks, and advanced threat hunting. This role uses industry-standard forensic tools and strong investigative skills to collect, analyze, and document technical evidence.

The ideal candidate has solid cybersecurity experience, strong written communication skills, and the ability to operate resourcefully and independently while coordinating with SOC teams, data centers, and senior forensic personnel during investigations.

Key Responsibilities

Digital Forensics and Investigation

  • Perform forensic analysis using industry-standard forensic tools and open-source DFIR utilities.

  • Assist with forensic investigations involving endpoints, servers, malware, and cyber incidents.

  • Analyze Windows Registry, Windows System Calls, Linux artifacts, file system data, logs, and memory artifacts.

  • Create findings and technical notes that support investigative conclusions and remediation actions.

Malware Analysis and IOC Development

  • Analyze malware in a lab environment using standard malware analysis techniques.

  • Create IOCs based on forensic and malware findings for sharing with SOC and security teams.

  • Support Java code de-obfuscation and technical analysis activities within the analyst skill level.

  • Escalate complex malware or reverse-engineering requirements to senior analysts or the FMAT Lead.

SOC and Incident Response Support

  • Assist the SOC with security investigations and incident response activities.

  • Conduct routine memory checks on Linux and Windows servers as directed.

  • Support proactive malware analysis, incident response, and advanced threat hunting activities.

  • Communicate with different teams and data centers during investigations.

Reporting and Collaboration

  • Create clear investigation reports, forensic summaries, and supporting documentation.

  • Communicate findings effectively to SOC analysts, incident responders, data center teams, and leadership.

  • Apply strong investigative, research, and problem-solving skills to ambiguous technical issues.

  • Contribute to repeatable forensic procedures, knowledge sharing, and continuous process improvement.

Requirements

  • 5 to 8 years of experience in cybersecurity, digital forensics, incident response, or related cyber investigation work.

  • Experience performing forensic analysis using industry-standard forensic tools and open-source tools.

  • Familiarity with Windows Registry, Windows System Calls, Linux operating systems, and Java code de-obfuscation.

  • Hands-on experience with Volatility or other memory forensics tools, FTK, and Wireshark.

  • Ability to create IOCs based on forensic analysis and share them with other security teams.

  • Ability to analyze malware in a lab environment using standard malware analysis techniques.

  • Experience performing or supporting forensic investigations and incident response activities.

  • Excellent written communication, resourcefulness, investigative ability, research skills, and problem-solving skills.

Desired Skills

  • Experience with EnCase (OpenText), Autopsy, Axiom, Zimmerman tools, and other DFIR tools.

  • Experience supporting a U.S. Government civilian agency, enterprise SOC, or regulated environment.

  • Experience with OllyDbg, IdaPro , or comparable reverse-engineering tools.

  • Knowledge of X86 Intel Assembly Language.

Tools and Technologies

  • Forensic Toolkit (FTK)

  • EnCase (OpenText)

  • Autopsy

  • Axiom

  • DFIR tools

  • Zimmerman tools

  • Volatility or equivalent memory forensics tools

  • Wireshark

  • Linux

  • OllyDbg

  • IdaPro

Preferred Certifications

  • GCFE

  • GCFA

  • EnCE

  • FOR508

  • Security+

  • GREM

  • CEH

  • CSFA

Key Competencies

  • Hands-on forensic analysis

  • Malware triage and IOC creation

  • Memory analysis

  • Research and technical problem solving

  • Clear reporting and cross-team communication

About the company

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies. Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

Apply for this position