Senior Cyber Defense Forensics Analyst with Security Clearance

Washington, Washington DC

Clearwaters.IT
Description

Clearwaters.IT is seeking an experienced Senior Cyber Defense Forensics Analyst to support a program with the Department of Commerce. This role involves applying advanced forensic techniques and methodologies to detect, analyze, and mitigate threats. The analyst will perform hypothesis-based and intelligence-based cyber threat hunts, analyze large data sets, identify novel attack techniques, and work closely with other security teams to defend against potential intrusions. The position requires expertise in forensic evidence collection, intrusion analysis, and reporting to ensure that all cyber incidents are managed effectively and in accordance with federal rules and best practices. This position is 100% on-site in Washington D.C. This position is contingent on the award.

Responsibilities

Lead and manage the Threat Hunt and Forensics Team, setting direction, overseeing operations, and developing team capabilities.
Establish and maintain the team's mission, objectives, Standard Operating Procedures (SOPs), and Concept of Operations (CONOPS).
Ensure collaboration and integration with the Cyber Threat Intelligence (CTI) Team and Continuous Penetration Testing Team.
Provide strategic oversight for incident response, digital forensics, and threat hunting activities.
Be on call before and after normal hours of operation, including weekends and holidays.
Perform active threat hunting based on current Cyber Threat Intelligence (CTI) and the MITRE ATT&CK Framework.
Conduct cloud-focused threat hunting within Azure environments, leveraging telemetry and tools such as Microsoft Defender for Cloud, Microsoft Sentinel, and Log Analytics.
Develop and execute cyber hunt operations using attack hypotheses tailored to the DOC IT environment.
Independently research intelligence reports to find actionable data for conducting intel-based or hypothesis-based hunts.
Receive and apply IOCs and TTPs from the CTI Team to guide internal threat hunts.
Execute IOC sweeps, host interrogation, and persistent threat hunting to proactively defend DOC systems.
Analyze known and emerging threat actor behavior, including APTs and cybercriminal groups, to detect internal adversarial activity.
Conduct network and host-based digital forensic analysis in response to cybersecurity incidents.
Reconstruct sequences of events leading to compromises or breaches.
Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
Confirm what is known about an intrusion and discover new information, if possible, after identifying the intrusion via dynamic analysis.
Create a forensically sound duplicate of the evidence (i.e., a forensic image) that ensures the original evidence is not unintentionally modified, for use in data recovery and analysis processes.
Provide a technical summary of findings in accordance with established reporting procedures.
Collect, process, analyze, preserve, and present computer-related evidence to support cyber incident, law enforcement, fraud, and counterintelligence investigations.
Prepare Enterprise Forensics Reports, Malware Analysis Reports, and Advanced Hunting Plans, maintaining alignment with SOPs.
Ensure that the chain of custody is followed for all digital media acquired, in accordance with the Federal Rules of Evidence.
Recognize and accurately report forensic artifacts indicative of a particular operating system.
Extract data using data carving techniques (e.g., Forensic Toolkit (FTK), Foremost).
Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Collaborate with the CTI Team to align relevant tactics, techniques, and procedures (TTPs) and share intelligence for prioritized threats.
Coordinate with internal and external stakeholders, including the CIO, CISO, DHS, and BOC CIRT, to support shared cybersecurity goals.
Provide regular status updates, maintain a daily activity tracker, and support enterprise reporting requirements.
Support intelligence-driven operations and incident response with timely forensic findings and threat hunting outcomes.
Apply advanced tools, techniques, and industry best practices for threat detection, analysis, and response.
Maintain expert knowledge across IT platforms to effectively understand, detect, and respond to adversarial techniques and digital footprints.

Requirements

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required. Master's degree is preferred.
A minimum of 7 years of experience in cybersecurity, digital forensics, incident response, or a related field is required.
Active TS/SCI clearance.
Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), Certified Information Systems Security Professional (CISSP), or other relevant certifications in digital forensics or cybersecurity are required.
GIAC Cyber Threat Intelligence (GCTI), GIAC Network Forensics (GNFA), or similar certifications are a plus.
In-depth knowledge of cyber forensics and incident investigation techniques, with practical experience using forensic tools such as FTK, EnCase, and Volatility.
Proficient in threat detection, analysis of malware, and use of advanced threat intelligence platforms.
Expertise in forensic tools and techniques for data carving and analysis, including FTK, Foremost, and other digital forensics tools.
Knowledge of the MITRE ATT&CK Framework and Azure Threat Research Matrix (ATRM) to identify and analyze threat actors, tactics, and techniques.
Experience with cloud-native security practices and tools for threat detection and hunting in cloud environments.
Ability to work with large datasets, perform data correlation, and identify patterns indicative of security threats or intrusions.
Proficiency in using Agile methodologies to organize and manage tasks, track progress, and ensure timely delivery of threat intelligence and forensic analysis reports.
Excellent written and verbal communication skills, with the ability to clearly document findings, communicate technical issues, and present complex data to both technical and non-technical stakeholders.
Experience working within the federal government or a similar public-sector environment, with a focus on cybersecurity operations or digital forensics.

Benefits

Competitive salary and benefits package, including:
Health, dental, and vision insurance
401(k) with company match
Paid time off (PTO) for vacation, sick leave, and personal days
Professional development reimbursement
Other benefits, including life insurance, disability insurance, and employee assistance programs
Date Posted: 13 May 2025