Mid-Level Digital Forensics Analyst

Position Title: Mid-Level Digital Forensics Analyst

Location: Portland, OR | Full-Time

Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer.

Cybervance combines advanced cybersecurity expertise with proven federal contracting experience to deliver innovated, mission-focused solutions for U.S. Government agencies. We are committed to helping our partners achieve measurable improvements in security and resilience.

We are seeking a full-time Mid-Level Digital Forensics Analyst who supports and conducts digital forensic investigations related to cybersecurity incidents, insider threats, data loss, and policy or regulatory inquiries. This role performs hands‑on forensic analysis under established methodologies while working closely with senior forensics staff, incident response teams, and legal or compliance stakeholders.

The ideal candidate has practical forensic experience, strong attention to evidentiary detail, and the ability to independently analyze systems while escalating complex findings appropriately.

Responsibilities

• Conduct forensic analysis on endpoints, servers, and removable media.
• Acquire, preserve, and analyze digital evidence in accordance with forensic best practices.
• Perform disk, memory, and artifact analysis to identify user activity, malware, or unauthorized access.
• Support investigations involving security incidents, insider activity, and data exfiltration.

• Assist incident response teams with forensic scoping, timeline creation, and root cause analysis.
• Analyze forensic artifacts to determine attack vectors, persistence mechanisms, and impact.
• Identify indicators of compromise (IOCs) and support remediation efforts.

• Maintain proper evidence handling and chain‑of‑custody documentation.
• Produce clear forensic notes, findings, and supporting artifacts.
• Contribute to forensic and incident reports used by technical, legal, or leadership teams.

• Utilize forensic tools for data acquisition, analysis, and reporting.
• Perform artifact validation and cross‑verification to ensure analytical accuracy.
• Support improvements to forensic workflows and repeatable procedures.

• Work closely with senior forensic analysts and incident responders.
• Participate in tabletop exercises, incident reviews, and training activities.
• Continue skill development in forensic techniques, tools, and emerging technologies. Required Skills & Qualifications

• 3–5 years of experience in digital forensics, incident response, or cybersecurity analysis.
• Hands‑on experience performing forensic acquisitions and analysis.
• Solid understanding of:
• Windows and Linux operating systems
• File systems, logs, and system artifacts
• Common attacker behaviors and malware indicators
• Strong documentation and written communication skills.
• Ability to follow evidence handling and legal defensibility requirements.

Preferred Qualifications

• Experience with memory forensics, log correlation, or malware triage.
• Familiarity with cloud, SaaS, or email forensics (e.g., M365, cloud platforms).
• Scripting or automation experience (Python, PowerShell, Bash).
• Certifications such as GCFA, GCIH, CHFI, EnCE, or equivalent.
• Experience in regulated, enterprise, or government environments.