cFocus Software Incorporated

Compensation

Full Description

cFocus Software seeks a Digital Forensics Analyst to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance. Qualifications: Bachelor’s degree in Cybersecurity, Digital Forensics, Information Technology, or related field. Minimum 5–8 years of experience performing digital forensic investigations. Hands-on experience with endpoint, server, network, and cloud forensics. Strong knowledge of forensic acquisition, analysis, and evidence handling procedures. Experience supporting enterprise incident response and breach investigations. Familiarity with federal incident response and reporting requirements. Strong analytical, documentation, and communication skills. Active GCFA, GCFE, EnCE, or GCIH (preferred). Duties: Conduct digital forensic investigations following cybersecurity incidents, data breaches, and suspected malicious activity. Perform forensic acquisition and analysis of endpoints, servers, cloud workloads, network traffic, logs, and removable media. Preserve digital evidence in accordance with chain-of-custody and evidentiary handling requirements. Identify incident origin, timeline, scope, and extent of compromise using forensic methodologies. Analyze malware artifacts, scripts, and suspicious files to determine functionality and impact. Support reverse engineering and de-obfuscation of malicious content when required. Correlate forensic findings with SIEM, EDR, network, and cloud telemetry. Produce detailed forensic reports documenting methodology, findings, evidence, and recommendations. Support incident containment, eradication, and recovery activities through forensic insight. Assist with investigations involving PII, PHI, and other sensitive data in coordination with HRSA Privacy and Legal teams. Support FOIA searches, OGC litigation holds, and OIG criminal investigations as required. Maintain forensic toolsets, images, and procedures in accordance with HRSA SOPs. Participate in cyber exercises, tabletop exercises, and after-action reviews. Provide expert guidance to SOC Analysts, Incident Responders, and Threat Hunters. Ensure compliance with NIST SP 800-61, NIST SP 800-86, and HHS incident response guidance.