Posted today
Top Secret/SCI
$140,000 - $200,000
Polygraph
MD (On-Site/Office)
DESCRIPTION
Position: Computer Forensics Specialist (Expert) - Digital Media Forensics Team Support
Location: Fort Meade/Linthicum, MD (on-site)
Security Clearance: TS/SCI required; CI-poly eligibility highly desired (ability to complete polygraph as directed).
Salary Range: $140,000 - $200,000
Job Description:
The Expert Computer Forensics Specialist leads the Digital Media Forensics Team in support of counterintelligence (CI) and counterterrorism (CT) investigations. This role executes the full forensic lifecycle (on-site/off-site acquisition, lab analysis, reporting) for host-based and mobile devices, conducts incident response/malware triage, and mentors other forensics specialists. The Expert also designs and delivers training, evaluates emerging technologies (software/hardware), performs operational security assessments, and authors/maintains SOPs to standardize and improve forensic workflows
Core Responsibilities
· Support CI/CT investigations by researching, designing, deploying, and leading training events for examiners and analysts; create training artifacts and checklists that codify best practices.
· Conduct operational security assessments tied to forensic operations and coordinate with Tech Ops/Cyber teams for secure handling and storage of evidence.
· Evaluate and test emerging digital forensic software/hardware; recommend adoption paths and integration steps; document validation/verification of tools for evidentiary defensibility.
· Develop and refine forensic procedures/SOPs and end-to-end workflows (acquisition ? analysis ? reporting) to improve cycle times and quality against established thresholds.
· Recover data (documents, photos, emails, log files) from hostile or damaged systems; hunt for hidden/deleted/manipulated files and internet artifacts (history, cookies, cache, cloud sync).
· Perform mobile device forensics (logical/physical extractions, app artifact analysis); corroborate host/mobile findings for holistic case narratives.
· Maintain chain of custody and adhere to rules of evidence; prepare lab worksheets, imaging notes, and custody logs for audit readiness.
· Produce intelligence-leveled reporting and detailed process documentation (e.g., AARs, capability/architecture assessments, policy analysis, analytical information reports); ensure timeliness, clarity, and accuracy.
· Brief findings to technical/non-technical audiences; provide testimony support when required.
· Coordinate priorities and schedules with COR/TPOC/PMO; provide status inputs and update risk/issue logs for forensic operations.
REQUIREMENTS
Minimum Qualifications
· TS/SCI clearance (active); CI-poly eligibility preferred
· DoD Certified Digital Forensic Examiner (DFE).
· Team-level certifications covering at least one of: CFCE, GCFE, EnCase Certified Examiner must have minimum 2 years host-based and mobile device forensics.
· Proven execution of full forensic lifecycle with chain of custody and evidentiary protocols.
· Ability to collaborate with CI/HUMINT, Cyber, and Tech Ops stakeholders.
Minimum Education Qualifications
· High school diploma and 20 years of relevant experience with at least a portion of the experience in the last two years OR
· Associate degree and 17 years of relevant experience with at least a portion of the experience in the last two years OR
· Bachelor's degree and 15 years of relevant experience with at least a portion of the experience within the last 2 years OR
· Master's degree and 15 Years of relevant experience with at least a portion of the experience within the last 2 years.
Preferred Qualifications
· 10+ years recent digital forensics in DoD/IC environments; experience in malware triage and incident response supporting CI/CT missions.
· Additional certifications (e.g., EnCE, CFCE, GCFA/GNFA, GREM, CCE).
· Experience designing/running forensic labs, tool validation programs, and writing SOPs; history of optimizing workflows and reducing cycle time.
· Familiarity with RMF, ACIC editorial standards, and integration with Tech Ops/Cyber investigative processes.
*Position is contingent upon award
#CJ
Position: Computer Forensics Specialist (Expert) - Digital Media Forensics Team Support
Location: Fort Meade/Linthicum, MD (on-site)
Security Clearance: TS/SCI required; CI-poly eligibility highly desired (ability to complete polygraph as directed).
Salary Range: $140,000 - $200,000
Job Description:
The Expert Computer Forensics Specialist leads the Digital Media Forensics Team in support of counterintelligence (CI) and counterterrorism (CT) investigations. This role executes the full forensic lifecycle (on-site/off-site acquisition, lab analysis, reporting) for host-based and mobile devices, conducts incident response/malware triage, and mentors other forensics specialists. The Expert also designs and delivers training, evaluates emerging technologies (software/hardware), performs operational security assessments, and authors/maintains SOPs to standardize and improve forensic workflows
Core Responsibilities
· Support CI/CT investigations by researching, designing, deploying, and leading training events for examiners and analysts; create training artifacts and checklists that codify best practices.
· Conduct operational security assessments tied to forensic operations and coordinate with Tech Ops/Cyber teams for secure handling and storage of evidence.
· Evaluate and test emerging digital forensic software/hardware; recommend adoption paths and integration steps; document validation/verification of tools for evidentiary defensibility.
· Develop and refine forensic procedures/SOPs and end-to-end workflows (acquisition ? analysis ? reporting) to improve cycle times and quality against established thresholds.
· Recover data (documents, photos, emails, log files) from hostile or damaged systems; hunt for hidden/deleted/manipulated files and internet artifacts (history, cookies, cache, cloud sync).
· Perform mobile device forensics (logical/physical extractions, app artifact analysis); corroborate host/mobile findings for holistic case narratives.
· Maintain chain of custody and adhere to rules of evidence; prepare lab worksheets, imaging notes, and custody logs for audit readiness.
· Produce intelligence-leveled reporting and detailed process documentation (e.g., AARs, capability/architecture assessments, policy analysis, analytical information reports); ensure timeliness, clarity, and accuracy.
· Brief findings to technical/non-technical audiences; provide testimony support when required.
· Coordinate priorities and schedules with COR/TPOC/PMO; provide status inputs and update risk/issue logs for forensic operations.
REQUIREMENTS
Minimum Qualifications
· TS/SCI clearance (active); CI-poly eligibility preferred
· DoD Certified Digital Forensic Examiner (DFE).
· Team-level certifications covering at least one of: CFCE, GCFE, EnCase Certified Examiner must have minimum 2 years host-based and mobile device forensics.
· Proven execution of full forensic lifecycle with chain of custody and evidentiary protocols.
· Ability to collaborate with CI/HUMINT, Cyber, and Tech Ops stakeholders.
Minimum Education Qualifications
· High school diploma and 20 years of relevant experience with at least a portion of the experience in the last two years OR
· Associate degree and 17 years of relevant experience with at least a portion of the experience in the last two years OR
· Bachelor's degree and 15 years of relevant experience with at least a portion of the experience within the last 2 years OR
· Master's degree and 15 Years of relevant experience with at least a portion of the experience within the last 2 years.
Preferred Qualifications
· 10+ years recent digital forensics in DoD/IC environments; experience in malware triage and incident response supporting CI/CT missions.
· Additional certifications (e.g., EnCE, CFCE, GCFA/GNFA, GREM, CCE).
· Experience designing/running forensic labs, tool validation programs, and writing SOPs; history of optimizing workflows and reducing cycle time.
· Familiarity with RMF, ACIC editorial standards, and integration with Tech Ops/Cyber investigative processes.
*Position is contingent upon award
#CJ
group id: 10309996
