Intrusion Analyst
Who We're Looking For (Position Overview):
We're looking for an Intrusion Analyst to conduct intrusion-focused digital forensics across host and network evidence, reconstruct attack activity, and communicate findings that can stand up to investigative and legal scrutiny. This role is part of a digital forensics capability supporting complex cyber and computer intrusion cases.
The ideal candidate is a disciplined examiner with strong technical depth, excellent documentation habits, and the ability to explain complex intrusion activity to non-expert audiences.
What Your Day-To-Day Looks Like (Position Responsibilities):
- Intrusion-Focused Forensic Analysis
  - Perform host- and network-based forensic analysis across Windows, Linux, macOS, and mobile platforms.
  - Examine volatile memory, log exports, and pre-acquired datasets; identify IOCs and adversary TTPs; reconstruct timelines and scope.
- Tool-Driven Investigation & Automation
  - Use forensic and analysis tooling such as Magnet Axiom, X-Ways, FTK, Volatility, Splunk, ELK Stack, and open-source utilities.
  - Apply scripting/automation (Python, PowerShell, Bash) to accelerate artifact parsing and correlation.
- Reporting, Testimony Readiness & Quality
  - Produce thorough documentation of findings and conclusions; communicate clearly for non-expert audiences.
  - Successfully complete a mock examination and defend results in a practical courtroom exercise (Government-run).
- Operational Support
  - Support mission needs that may drive irregular hours and location-specific requirements depending on investigative activity.
What You Need to Succeed (Minimum Requirements):
- Citizenship & Clearance
  - U.S. Citizenship required.
  - Active TS clearance with SCI eligibility required.
- Digital Forensics Depth
  - Demonstrated experience with intrusion-focused forensic analysis across host/network artifacts and multiple OS platforms.
- Courtroom-Defensible Communication
  - Strong writing and verbal communication skills; ability to present findings clearly and defend methodologies.
Ideally, You Also Have (Preferred Qualifications):
- Experience supporting rapid response investigative operations that may require extended/irregular hours.
- Experience correlating enterprise telemetry sources (security device logs, captures, cloud logs) to identify persistence, escalation, lateral movement, and exfiltration.