Job Description

Computer Forensic Analyst

The Joint Service Provider (JSP) Defense Cyber Operations Internal Defense Measures (DCO IDM) program is searching for a Forensics Analyst to join their team in Arlington, VA. The Joint Service Provider (JSP) program provides a full range of cybersecurity products, services, solutions and customer support to the Office of the Secretary of Defense (OSD), the Chairman of the Joint Chiefs of Staff (CJCS), the Joint Staff (JS), the Director of Administration (DA), the Pentagon Force Protection Agency (PFPA), the Washington Headquarters Services (WHS) and other various OSD offices.


The role of the analyst is to recover data like documents, photos and e-mails from computer hard drives and other data storage devices, such as zip and flash drives, which have been deleted, damaged or otherwise manipulated. A computer forensic analyst may also use their expertise to protect computers from infiltration, determine how a computer was broken into or recover lost files. Analysts might be responsible for assisting law enforcement with cyber-crimes and/or to retrieve evidence.


Computer forensic analysts use forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files. They use their technical skills to hunt for files and information that have been hidden, deleted or lost. They help investigators and other officials analyze data and evaluate its relevance to the case under investigation. Analysts also transfer the evidence into a format that can be used for legal purposes (i.e. criminal trials) and often testify in court themselves.


Computer forensic analysts must be familiar with standard computer operating systems, networks and hardware as well as security software and document-creation applications. Analysts must have expertise in hacking and intrusion techniques and prior experience with security testing and computer system diagnostics. As their title suggests, analysts are expected to have excellent analytical skills, to be highly conscious of details and to be able to multi-task efficiently.



  • Demonstrate expert-level knowledge of network traffic and communications, including known ports and services;
  • Demonstrate a knowledge of the Windows operating system, knowledge in various Linux distributions and the Unix framework;
  • Demonstrates knowledge of the following security related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, Network Packet Analyzers, malware analysis, forensic tools, and enterprise level appliances;
  • Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based;
  • Demonstrate understanding of DoD accreditation policies, processes, and practices;
  • Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition;
  • Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings;
  • Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports;
  • Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture;
  • Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques;
  • Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]);
  • Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage);
  • Demonstrate expert ability to analyze of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT])
  • Performs forensic analysis of digital information and gathers and handles evidence
  • Identifies network computer intrusion evidence and perpetrators
  • Investigates computer fraud or other electronic crimes, crack files and system passwords, detects steganography and recovers deleted, fragmented and corrupted data from digital media of all types
  • Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports





Bachelor of Science Degree in a technical field (OR 4+ years of experience in Incident Response in lieu of a degree)





Required Qualifications:

  • Active Top Secret (w/SCI eligibility) security clearance
  • 6+ years of Incident and Malware analysis experience within DoD or IC environment
  • Certified Ethical Hacker (CEH) Certification
  • DoD 8570 IAT Level II Certification
  • DoD 8570 IASAE/CND Certification
  • Experience performing forensic analysis (exp w/EnCase is ideal)
  • Experience with Computer Network Defenses (CND)
  • Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis


Preferred Qualifications:

  • One or more of the following certifications: CISSP, CISA, GCIH, GCED, CASP, CCNP Security
  • Knowledge of and/or experience with forensic tool, EnCase
  • Knowledge/Understanding of the Diamond Model Concept
  • Familiar with DoD hierarchy and reporting chain
  • Situational Awareness of how to perform report research on U (OSINT)/S/TS
  • Basic networking and PCAP deciphering capabilities
  • Excellent verbal and written communication skills

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online