Incident Response and Forensic Analyst
Responsibilities
- Leading incident response activities from initial detection through containment, eradication, recovery, and post-incident analysis
- Conducting digital forensic investigations on compromised systems, networks, and endpoints to determine root cause, scope, and impact of security incidents
- Performing forensic analysis of disk images, memory dumps, network traffic, and log data using industry-standard tools and methodologies
- Preserving digital evidence following proper chain of custody procedures to ensure forensic integrity and support potential legal proceedings
- Analyzing malware samples and attacker techniques to understand threat actor behavior and develop defensive countermeasures
- Developing and maintaining incident response playbooks, procedures, and forensic investigation workflows
- Coordinating with SOC, IT operations, legal, and business stakeholders during active incident response operations
- Documenting incident timelines, findings, and remediation activities in comprehensive technical reports
- Providing expert testimony and briefings on forensic findings to technical teams, management, and potentially legal counsel
- Contributing to threat intelligence by identifying indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) from investigations
- Conducting post-incident reviews and lessons learned sessions to drive continuous improvement
- Remaining informed on the latest incident response methodologies, forensic techniques, threat actor trends, and emerging attack vectors
- Mentoring junior analysts and sharing forensic expertise across the cybersecurity team
- Where necessary, providing after-hours support during critical security incidents requiring immediate investigation
What You Need to be Successful - Information Security Staff IV
Minimum Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Systems or equivalent field of study, or equivalent experience
- 5-7 years of relevant experience in incident response, digital forensics, or cybersecurity investigations
- Hands-on experience conducting forensic investigations on Windows, Linux, and/or macOS systems
- Proficiency with forensic tools such as EnCase, FTK, X-Ways, Autopsy, or similar platforms
- Strong understanding of file systems, operating system artifacts, and forensic analysis techniques
- Experience with memory forensics and volatile data analysis
- Knowledge of network forensics and packet analysis using tools like Wireshark, tcpdump, or NetworkMiner
- Understanding of malware analysis fundamentals and attacker methodologies
- Experience with incident response frameworks (NIST SP 800-61, SANS Incident Response, etc.)
- Ability to work under pressure during active security incidents and manage multiple concurrent investigations
- Excellent analytical and critical thinking skills with strong attention to detail
- Strong written and verbal communication skills, including the ability to document technical findings clearly
- Experience with evidence collection, preservation, and chain of custody procedures
- Understanding of legal and regulatory requirements related to digital evidence and incident reporting
- This position requires the ability to obtain and maintain a US Secret security clearance, which is issued by the US government. U.S. citizenship is required to obtain a security clearance.
How You Can Stand Out
It would be impressive if you have one or more of these:
- Relevant certifications such as GCFA, GCFE, GREM, GNFA, CISSP, or equivalent
- Experience with
Additional Information
The Aerospace Corporation is the trusted partner to the nation's space programs, solving the hardest problems and providing unmatched technical expertise. As the operator of a federally funded research and development center (FFRDC), we are broadly engaged across all aspects of space, delivering innovative solutions that span satellite, launch, ground, and cyber systems for defense, civil and commercial customers. When you join our team, you'll be part of a special collection of problem solvers, thought leaders, and innovators. Join us and take your place in space.
The Aerospace Corporation is seeking an experienced cybersecurity professional to serve as an Incident Response and Forensic Analyst (Information Security Staff IV). In this critical role, you will be responsible for investigating security incidents, conducting digital forensic examinations, and leading response efforts to protect our organization's critical assets. You will analyze complex security events, preserve and examine digital evidence, develop incident response procedures, and provide expert recommendations to contain and remediate cyber threats. You will join a team of dedicated cybersecurity professionals who are chartered with securing Aerospace's classified and unclassified enterprise IT environments and viewed as leaders within the aerospace community. The selected candidate will be required to work full-time on-site at our facility in Colorado Springs, CO.