Forensics Analyst Lead (Remote)

Position Title: Forensics Analyst Lead

Location:Portland, OR | Full-Time                                           

Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer.

Cybervance combines advanced cybersecurity expertise with proven federal contracting experience to deliver innovated, mission-focused solutions for U.S. Government agencies. We are committed to helping our partners achieve measurable improvements in security and resilience.

We are seeking a full-time Forensics Analyst Lead who is responsible for leading the organization's digital forensics capability, overseeing investigations related to cyber incidents, insider threats, data breaches, and legal or regulatory matters. This role provides technical leadership, investigative oversight, and expert guidance to ensure forensic activities are conducted accurately, defensibly, and in alignment with legal and regulatory requirements.

The ideal candidate combines deep forensic expertise with leadership skills, sound judgment under pressure, and the ability to communicate complex findings to technical teams, legal partners, and executive leadership.

Responsibilities

• Lead and oversee all digital forensic investigations across endpoint, server, network, cloud, and mobile environments.
• Establish forensic standards, methodologies, and toolsets.
• Act as the primary escalation point for complex or high‑impact forensic cases.
• Ensure investigations follow best practices for evidence handling and forensic integrity.

• Support and lead forensic analysis during security incidents, including malware infections, intrusions, and data exfiltration events.
• Conduct advanced forensic analysis to identify root cause, attacker activity, and impact.
• Reconstruct timelines and analyze artifacts to support incident response and remediation efforts.
• Collaborate closely with Incident Response, SOC, Threat Hunting, and Legal teams.

• Ensure proper evidence preservation, chain of custody, and documentation.
• Provide forensic findings to legal, compliance, HR, and regulatory stakeholders.
• Support internal investigations, litigation, and eDiscovery processes.
• Serve as a subject‑matter expert for forensic procedures during audits or legal proceedings.

• Evaluate, deploy, and maintain forensic tools and technologies.
• Improve forensic readiness through logging, data retention, and evidence collection. Strategies.
• Develop scripts, workflows, or automation to improve forensic efficiency and consistency.

• Lead, mentor, and train forensic analysts and incident responders.
• Review forensic work products for quality and accuracy.
• Contribute to training programs, tabletop exercises, and forensic playbooks.

• Produce detailed forensic reports, timelines, and root cause analyses.
• Translate technical findings into clear business, legal, and risk‑based narratives.
• Brief senior leadership on incident findings, impact, and recommendations.

Required Skills & Qualifications

• 7–10+ years of experience in digital forensics, incident response, or cybersecurity investigations.
• Proven experience leading forensic investigations and teams.
• Deep understanding of:
• Endpoint, memory, disk, and network forensics
• Malware analysis and attacker techniques
• Evidence handling and chain‑of‑custody requirements
• Hands‑on experience with industry‑standard forensic tools.
• Strong written communication and technical reporting skills.

Preferred Qualifications

• Experience with cloud and SaaS forensics (AWS, Azure, GCP, M365, Google Workspace).
• Experience supporting legal, HR, or regulatory investigations.
• Scripting or automation experience (Python, PowerShell, Bash).
• Certifications such as GCFA, GCED, GCIH, CISSP, EnCE, or equivalent.
• Experience in government, finance, healthcare, or other regulated environments.