Senior DFIR Analyst

Virginia Jobs

$120K — $140K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years experience in digital forensics across endpoints, servers, cloud, and mobile environments.
  • Strong background in analyzing network and host-based artifacts including operating systems and logs.
  • In-depth knowledge of incident response processes such as triage, containment, and recovery.
  • Familiarity with DFIR tools like EnCase, FTK, and Splunk, along with understanding adversary tactics and techniques.
  • Experience leading investigations related to data breaches and advanced persistent threats.
  • Understanding of IT environments and enterprise security controls, including Active Directory.
  • Proficient in Microsoft Office Suite for report generation and documentation.

Responsibilities

  • Oversee daily operations of the cybersecurity incident response function.
  • Supervise the analysis and classification of cybersecurity incidents.
  • Coordinate statewide responses to security threats efficiently.
  • Manage the Commonwealth's computer forensics laboratory activities.
  • Lead threat tracking, vulnerability monitoring, and security advisory development.
  • Act as a liaison between internal and external security teams and law enforcement.
  • Evaluate and improve the state's cybersecurity posture through interagency coordination.

Benefits

  • Eligible for one day of telework per week.
  • Opportunity to work with a significant public agency impacting state security.
  • Engagement with a wide range of stakeholders, enhancing networking opportunities.
  • Access to a computer forensics laboratory for hands-on experience.
  • Contributions to statewide cybersecurity initiatives and improvement.
Full Job Description
Title: Senior DFIR Analyst

State Role Title: Info Technology Specialist III

Hiring Range: $120,000 - $140,000

Pay Band: 6

Agency: VA Information Tech Agency

Location: VA Information Technologies

Agency Website: https://www.vita.virginia.gov/

Recruitment Type: General Public - G

Job Duties

The purpose of this position is to oversee and manage the daily operations of the Commonwealth of Virginia's security incident response function within the Virginia Information Technologies Agency (VITA).

The position is responsible for supervising the collection, analysis, and classification of cybersecurity incidents, and for coordinating timely and effective statewide responses to security threats.

This role ensures that incidents are properly triaged, investigated, documented, and communicated in accordance with Commonwealth security policies, standards, and statutory requirements.

The position serves as a primary coordination point between internal VITA security teams, external security organizations, state agencies, and law enforcement entities. It monitors emerging threats, assesses potential impacts to Commonwealth systems, and recommends appropriate mitigation or response actions.

The role also manages the Commonwealth's computer forensics laboratory and ensures investigative activities are conducted in a secure, authorized, and properly documented manner.

Key responsibilities include collecting and evaluating all computer security incident information; responding to cybersecurity events within the established jurisdiction; assisting agency incident response teams as needed; and ensuring investigations are routed appropriately.

The position also leads efforts in threat tracking, vulnerability monitoring, and security advisory development. It is responsible for disseminating advisories to agencies, gathering agency feedback, and using that input to enhance incident response capabilities, products, and services.

Additionally, the position fulfills multiple liaison functions, serving as a security response liaison across state agencies, with external directorates, with law enforcement partners, and with the Centralized Operations Center.

The role evaluates and reports on Commonwealth threat data and contributes to continuous improvement of the statewide cybersecurity posture through analysis, communication, and interagency coordination.

Minimum Qualifications

Considerable experience performing digital forensics (endpoint, server, cloud, and mobile) including evidence acquisition, preservation, and analysis following defensible forensic methodologies.

Considerable experience analyzing host-based and network-based artifacts (Windows, Linux, memory dumps, disk images, logs, registry data, packet captures, cloud telemetry).

Considerable knowledge of cybersecurity incident response-including triage, scoping, containment, eradication, and recovery-paired with the ability to perform static and behavioral malware analysis to interpret indicators and support effective threat attribution and response.

Considerable knowledge of industry standard DFIR tools (e.g., EnCase, FTK, Cellebrite, Volatility, Autopsy, KAPE, ELK/Splunk, EDR platforms).

Considerable knowledge of adversary TTPs and familiarity with frameworks such as MITRE ATT&CK, threat intelligence consumption, and correlation.

Experience leading or supporting complex investigations involving data exfiltration, insider threats, privilege escalation, ransomware, or advanced persistent threats (APTs).

Knowledge of enterprise scale IT environments, including Active Directory, virtualization, cloud platforms, and common enterprise security controls.

Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).

Experience working with internal and external stakeholders and produce high-quality written reports, executive summaries, and defensible forensic documentation suitable for legal or regulatory review.

Experience with interpretation and application of federal, state laws/regulations/standards/policies.

Additional Considerations

Advanced digital forensics or threat hunting expertise, including deep experience with memory forensics, reverse engineering, development of detection logic and analysis of sophisticated threat actor tradecraft.

Proficiency conducting investigations in cloud environments (Azure, AWS, M365) including log acquisition, identity related forensics, and cloud native threat hunting.

Experience leading incident response engagements involving advanced persistent threats (APTs), zero-day exploitation, or multistage intrusion campaigns.

Knowledge of regulatory, audit, and evidentiary requirements relevant to government environments, including defensible documentation practices.

Demonstrated ability to mentor junior analysts, guide agency ISOs during active incidents, and advise leadership with clear technical recommendations as part of a SOC environment, MSSP or large-scale managed detection and response program.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.

This position is eligible for one (1) day telework.

Applicants must consent to a fingerprint background check.

The Commonwealth of Virginia welcomes all applicants authorized to work in the United States. Sponsorship is not provided; therefore, applicants must be a citizen or national of the U.S., a Lawful Permanent Resident, or an alien authorized to work.

State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, cover letters, etc. in any other format. Please refer to "Your Application" in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.

Contact Information

Name: VITA Human Resources



Email: [email protected]

Similar Jobs

More Jobs at Virginia Jobs

More Information Technology Jobs

Find similar Senior DFIR Analyst jobs: