Mobile Threat & Forensics Analyst

Special Aerospace Security Services, Inc.

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Active Secret clearance required (TS/SCI preferred)
  • Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Technology, or related discipline
  • 5+ years of experience in cybersecurity operations, malware analysis, or digital forensics
  • Experience with forensic investigations on Windows, Linux, iOS, and Android
  • Familiarity with malware analysis concepts and incident response procedures
  • Expertise in using forensic tools like Cellebrite, FTK, EnCase, and more
  • Strong analytical and communication skills, adept at working independently

Responsibilities

  • Perform malware analysis using static and dynamic techniques
  • Conduct digital forensics analysis of mobile devices and systems
  • Investigate phishing emails and malicious software
  • Analyze mobile applications and develop IOCs for threat detection
  • Capture and analyze volatile memory and forensic evidence
  • Collaborate with various cybersecurity teams to support incident response
  • Prepare reports and documentation on forensic findings and operational activities

Benefits

  • Hybrid work environment (onsite in Arlington, VA and remote)
  • Participation in advanced mobile security and forensic projects
  • Opportunity to work in a fast-paced operational setting
  • Collaboration with federal cybersecurity missions
  • Support for career advancement opportunities
  • Engagement in a critical national security environment

Full Job Description

Mobile Threat & Forensics Analyst

Location: Arlington, VA (Hybrid: Onsite & Remote)
Clearance Required: Active Secret clearance (TS/SCI strongly preferred)
Employment Type: Full-Time, Regular

Position Overview

Special Aerospace Security Services, Inc. (SASSI) is seeking a highly motivated Mobile Threat & Forensics Analyst to support a U.S. Government customer in delivering advanced mobile security, malware analysis, digital forensics, and incident response support services within enterprise cybersecurity environments.

This position supports evolving cybersecurity operations focused on mobile threats, advanced forensic investigations, malware analysis, phishing investigations, mobile application analysis, and proactive threat identification activities across both traditional and mobile platforms. The selected candidate will work closely with cybersecurity operations, threat intelligence, incident response, and enterprise security teams to support investigative, analytical, and operational cybersecurity missions.

SASSI is seeking candidates capable of supporting complex investigative and analytical activities with minimal oversight while operating within fast-paced operational environments supporting federal cybersecurity missions.

Work Environment

This is a hybrid position requiring a combination of onsite support in Arlington, VA and remote work.

Candidates must be able to:
  • Maintain availability during core business hours (Monday-Friday)
  • Support onsite mission requirements, classified work, and collaborative operational activities
  • Participate in incident response, investigative, and operational activities as required
  • Remain responsive and engaged during remote support activities through Microsoft Teams, email, and other communication platforms

Key Responsibilities
  • Perform malware analysis utilizing static and dynamic analysis techniques to identify malicious behavior, persistence mechanisms, attack vectors, and indicators of compromise (IOCs)
  • Conduct digital forensic analysis of systems, removable media, and mobile devices involved in cybersecurity incidents or investigations
  • Perform mobile device forensic analysis across iOS and Android platforms utilizing forensic acquisition and analysis tools
  • Investigate phishing emails, malicious attachments, suspicious URLs, spoofed domains, and command-and-control (C2) communications
  • Analyze mobile applications, APK/IPA files, suspicious software, and mobile-specific attack techniques
  • Capture and analyze volatile memory, logs, browser artifacts, system activity, and forensic evidence from compromised devices and systems
  • Support proactive threat identification, mobile threat analysis, and investigative activities across enterprise environments
  • Develop indicators of compromise (IOCs), signatures, YARA rules, detection logic, and analytical findings to support threat detection and incident response
  • Collaborate with cybersecurity operations, threat intelligence, vulnerability management, and incident response teams
  • Prepare technical reports, forensic findings, investigative summaries, and operational briefings
  • Maintain proper evidence handling, chain-of-custody, and investigative documentation procedures
  • Support analysis of emerging threats, malware trends, and mobile security risks impacting enterprise environments

Required Qualifications (Mid-Level)
  • U.S. Citizenship required
  • Active Secret clearance required
  • Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Technology, Computer Engineering, or related discipline (equivalent experience considered)
  • Minimum 5 years of experience supporting cybersecurity operations, malware analysis, digital forensics, incident response, mobile security, or related investigative activities
  • Experience supporting forensic investigations involving Windows, Linux, iOS, and/or Android platforms
  • Experience analyzing phishing emails, malicious files, suspicious URLs, and indicators of compromise
  • Familiarity with malware analysis concepts, digital forensic methodologies, and incident response procedures
  • Experience utilizing cybersecurity and forensic tools such as:
    • Cellebrite
    • FTK
    • EnCase
    • Volatility
    • Wireshark
    • IDA Pro
    • Ghidra
    • X-Ways
    • VirusTotal
    • Sandbox analysis platforms
  • Understanding of operating systems, file systems, executable formats, and network protocols
  • Experience with scripting or automation using Python, PowerShell, Bash, or similar languages
  • Strong analytical, investigative, documentation, and communication skills
  • Ability to work independently within operational cybersecurity environments

Preferred Qualifications (Senior-Level Experience)

Candidates possessing one or more of the following advanced qualifications are strongly preferred:
  • 8+ years of experience supporting malware analysis, mobile security, digital forensics, threat hunting, or incident response operations
  • Advanced experience conducting mobile forensic investigations across iOS and Android platforms
  • Experience with advanced mobile extraction methodologies and tools such as:
    • Cellebrite Premium
    • GrayKey
    • Oxygen Forensics
  • Experience performing reverse engineering and analysis of malicious mobile applications, APK/IPA files, and mobile malware
  • Experience analyzing nation-state, spyware, or advanced persistent threat (APT) activity targeting mobile platforms
  • Familiarity with Android and iOS internals, mobile operating system artifacts, SQLite databases, plist files, logs, and mobile telemetry
  • Experience supporting enterprise mobile security initiatives, including Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) environments
  • Experience performing proactive threat hunting, detection engineering, or advanced forensic analysis activities
  • Experience supporting classified, federal, or national security cybersecurity environments
  • Ability to mentor junior analysts and support complex investigative or incident response activities with minimal oversight

Preferred Certifications

One or more of the following certifications is preferred:
  • GREM
  • GCFA
  • GNFA
  • GCIH
  • GCED
  • CISSP
  • CASP+
  • CySA+
  • Security+
  • CREA
  • OSCP / OSEP
  • CEH

Desired Technical Skills
  • Malware analysis and reverse engineering
  • Mobile device forensics
  • Mobile malware analysis
  • Digital forensics and incident response
  • Threat hunting and threat analysis
  • Phishing and email analysis
  • URL/domain analysis
  • Network traffic analysis
  • Enterprise cybersecurity operations
  • Scripting and automation
  • Threat intelligence and IOC development
  • MITRE ATT&CK framework familiarity
