Lead Digital Investigations Engineer

The MITRE Corporation

$158K — $238K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of related experience with a Bachelor's, 6 years with a Master's, or 3 years with a PhD, or equivalent experience
  • Experience in investigations involving endpoints, networks, and malware
  • Familiarity with forensic tools and SIEM platforms
  • Knowledge of incident response and evidence handling best practices
  • Understanding of Windows, Linux, and/or macOS operating systems
  • Strong analytical and documentation skills
  • Ability to communicate findings to various stakeholders

Responsibilities

  • Conduct digital investigations on cybersecurity incidents and policy violations
  • Collect and analyze digital evidence from various sources
  • Support cybersecurity operations with alert triaging and incident response
  • Perform forensic analysis to identify attack vectors and scope
  • Maintain evidence handling procedures and chain of custody
  • Analyze logs for early indicators of compromise
  • Collaborate across teams for comprehensive investigation efforts
  • Prepare detailed reports and documentation for diverse audiences
  • Assist in refining investigation procedures and standards
  • Stay updated on emerging cyber threats and forensic techniques

Benefits

  • Hybrid work environment with 50% on-site requirement
  • Opportunity to work on cutting-edge digital forensics and investigations
  • Access to training and development in the latest forensic practices
  • Engagement with diverse teams including legal and compliance
  • Chance to contribute to high-impact investigations for law enforcement agencies
Full Job Description
MITRE's Digital Investigations Department (L515) delivers innovative technical solutions and capabilities primarily focused on support to law enforcement and investigative cyber operations conducted by sponsors, most notably within DOJ, DHS, and DoW. The department's core technology areas are:

  • Digital Investigations and Cases
  • Digital/Media/Mobile Device Access and Forensics
  • Digital Artifact Discovery
  • Digital Evidence Processing
  • Cryptocurrency Analysis and Seizure
  • Cyber Attribution
  • Darkweb Research
  • Financial Cybercrime Analysis
  • Social Media Exploitation

Roles & Responsibilities:

  • Conduct digital investigations related to cybersecurity incidents, insider threat concerns, policy violations, and suspicious activity.
  • Collect, preserve, analyze, and document digital evidence from endpoints, servers, mobile devices, cloud environments, logs, and network sources.
  • Support cybersecurity operations by triaging alerts, correlating threat activity, and assisting with incident response and containment efforts.
  • Perform forensic analysis using industry-standard tools and methodologies to determine attack vectors, timeline of events, impacted systems, and scope of compromise.
  • Maintain chain of custody and proper evidence handling procedures in support of internal investigations and potential legal or regulatory matters.
  • Analyze system, application, security, and network logs to identify indicators of compromise and anomalous behavior.
  • Collaborate with Security Operations Center, Threat Intelligence, IT, HR, Legal, and Compliance teams during investigations.
  • Prepare clear, concise, and defensible investigative reports, briefings, and technical documentation for both technical and non-technical audiences.
  • Assist in developing and improving digital investigation procedures, playbooks, and evidence collection standards.
  • Recommend remediation and mitigation actions based on investigative findings.
  • Stay current on emerging cyber threats, attacker tactics, forensic techniques, and relevant technologies.

Basic Qualifications:

  • Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience
  • Experience supporting investigations involving endpoints, operating systems, user activity, malware, or network-based threats.
  • Familiarity with common forensic and investigative tools, SIEM platforms, endpoint detection and response tools, and log analysis solutions.
  • Knowledge of incident response processes, digital evidence handling, and forensic best practices.
  • Understanding of Windows, Linux, and/or macOS operating systems and associated artifacts relevant to investigations.
  • Strong analytical, problem-solving, and documentation skills.
  • Ability to communicate investigative findings clearly to technical and non-technical stakeholders.
  • This position requires a minimum of 50% hybrid on-site

Preferred Qualifications:

  • Experience in a Security Operations Center, Computer Security Incident Response Team, or digital forensics function.
  • Familiarity with cloud investigation techniques in environments such as Azure, AWS, or Google Cloud.
  • Experience with eDiscovery, insider threat investigations, or fraud-related digital analysis.
  • Exposure to malware analysis, threat hunting, or network forensics.
  • Relevant certifications such as Security+, CySA+, GCFA, GCIH, GCFE, EnCE, CHFI, or similar.
  • Knowledge of regulatory, compliance, and privacy considerations related to investigations.

This requisition requires the candidate to have a minimum of the following clearance(s): None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s): None

Salary compensation range and midpoint: $158,800 - $198,500 - $238,200 Annual

Work Location Type: Hybrid
