Cyber Security Analyst III (Digital Forensics)

Position Overview

The primary duty of the Cyber Security Analyst III (Digital Forensics) is the planning and execution of digital forensic investigations, support of electronic discovery (e-discovery) activities, and assistance with incident response efforts across the organization’s federal information systems at the Hanford Site. The incumbent applies forensically sound methodologies to preserve, collect, analyze, and document digital evidence from a variety of sources including endpoints, servers, network logs, mobile devices, and cloud environments. The role collaborates closely with Legal, HR, IT Operations, and GRC teams, and ensures all investigative activities maintain chain of custody integrity and comply with applicable federal regulations and organizational policy.

Major Activities (Typical Duties/Responsibilities)

Conduct end-to-end digital forensic investigations, including evidence identification, preservation, acquisition, analysis, and reporting in accordance with accepted forensic standards (e.g., NIST SP 800-86).

Perform forensic imaging and analysis of physical and virtual endpoints (Windows, Linux, macOS), storage media, and mobile devices using industry-standard tooling.

Support electronic discovery (e-discovery) activities, including data identification, legal hold implementation, collection, processing, and production in coordination with Legal counsel.

Analyze file systems, registry artifacts, browser history, email archives, log files, and other digital artifacts to reconstruct timelines and identify indicators of malicious or unauthorized activity.

Conduct memory forensics and volatile data analysis during active incident response to identify malware, injected code, and attacker persistence mechanisms.

Support network forensics activities, analyzing packet captures and network flow data to reconstruct communications and identify data exfiltration or lateral movement.

Maintain rigorous chain of custody documentation for all evidence, ensuring admissibility and defensibility in administrative, civil, or law enforcement proceedings.

Collaborate with the Security Operations team to support incident response activities, providing forensic analysis to characterize scope, root cause, and attacker activity.

Produce clear, thorough forensic investigation reports and executive summaries suitable for legal review, management briefings, and regulatory submissions.

Manage and maintain the forensic lab environment, including hardware, licensed tooling, write blockers, and evidence storage in compliance with evidence handling policies.

Provide mentorship and technical guidance to junior analysts on forensic methodology, tool usage, evidence handling, and documentation standards.

Stay current on evolving forensic techniques, anti-forensic methods, and legal and regulatory requirements affecting digital evidence handling.

Perform other duties as appropriate and as assigned.

Knowledge/Skills/Abilities

Demonstrated proficiency with digital forensic methodologies and standards, including NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response) and accepted principles of digital evidence handling.

Hands-on experience with industry-standard forensic tools, including EnCase, FTK (Forensic Toolkit), Autopsy, Magnet AXIOM, Volatility, and equivalent tooling.

Strong knowledge of Windows and Linux file systems, artifact locations, and forensic artifact analysis (registry, prefetch, LNK files, event logs, $MFT, shellbags, etc.).

Proficiency with e-discovery processes and platforms (e.g., Relativity, Nuix, or equivalent), including legal hold workflows and data processing for legal production.

Experience with memory forensics and volatile data analysis using tools such as Volatility or equivalent.

Familiarity with network forensics techniques, including packet capture analysis (Wireshark, NetworkMiner) and SIEM log correlation.

Understanding of cloud forensics concepts and the challenges of evidence acquisition in AWS, Azure, or equivalent environments.

Knowledge of mobile device forensics principles and tooling (e.g., Cellebrite UFED, Oxygen Forensics, or equivalent).

Understanding of applicable legal and regulatory frameworks governing digital evidence handling, including Federal Rules of Civil Procedure (FRCP) e-discovery requirements and DOE federal records management obligations.

Proficiency with scripting (Python, PowerShell, or Bash) for forensic automation, artifact parsing, and timeline generation.

Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others.

Superior organizational, follow-up, and detail-oriented skills.

Strong ability to analyze documents and categorize appropriately.

Ability to maintain accurate records.

Work independently, as well as on a team and with minimal supervision.

Make decisions, solve problems, and exercise excellent judgment.

Work well under pressure and independently prioritize workload, while working on multiple projects.

Ability to research, organize and analyze technical information with particular attention to accuracy and detail.

Excellent written and verbal communication skills; including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills.

Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases.

High degree of sensitivity regarding confidential information.

Physical Abilities

Sufficient fine motor skills for the use of computers, calculators with an ability to withstand repetitive keyboarding for extended periods of time.

Visual and communications ability adequate to perform the essential functions of the job.

Ability to kneel, bend and twist at the waist on an occasional basis.

Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion.

Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis.

Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle.

Minimum Qualifications

Bachelor’s degree in Cybersecurity, Digital Forensics, Computer Science, Information Systems, or a related technical discipline and 5+ years of progressive experience in cybersecurity, with at least 3 years of hands-on experience in digital forensics, incident response, or e-discovery in a professional or regulated environment; or equivalent combination of education, experience, and training.

Ability to pass a background and drug screening.

Must have identification compliant with the Real ID Act at time of hire.

Must be able to obtain Department of Energy access badge.

Must be able to obtain and maintain a U.S. government security clearance. 

Preferred Qualifications

Experience conducting digital forensic investigations or e-discovery in a federal agency, DOE facility, or regulated industry environment.

Demonstrated experience supporting legal proceedings, administrative investigations, or law enforcement referrals as a forensic examiner.

Experience with cloud forensics and log acquisition from AWS CloudTrail, Azure Monitor, or equivalent cloud-native sources.

Familiarity with SIEM platforms (e.g., Splunk, Microsoft Sentinel, or equivalent) and their role in supporting forensic investigations.

Experience with OT/ICS or SCADA system forensics relevant to industrial control environments.

Relevant certifications such as GCFE or GCFA (GIAC), EnCE (OpenText), CCE (ISFCE), CFCE (IACIS), CompTIA CySA+, or equivalent.

Pay Range: $89,596-$158,000

Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. 

OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities.  

OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. 

Reasonable Accommodation:

OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email [email protected].

Important Employment Notice: Federal Contract & RCW 49.44.240:

Due to our status as a federal contractor operating within the State of Washington, all applicants and employees must adhere to federal law, which classifies cannabis as a Schedule I controlled substance.

While Washington State’s RCW 49.44.240 (which generally prohibits employers from discriminating against an applicant based on their lawful use of cannabis off-site and during working hours) is state law, it does not supersede federal requirements.

Zero-Tolerance Policy and Disqualification

Prohibition: The use, possession, or distribution of cannabis is strictly prohibited for all employees, regardless of state law.

Testing: Applicants will be subject to pre-employment drug screening that includes testing for cannabis.

Disqualification: A positive test result for cannabis will result in immediate disqualification from consideration for employment, as mandated by our federal contract obligations.

All applicants must be able to comply with all federal regulations, including those concerning controlled substances, as a condition of employment.