Cyber Incident Response Analyst

Clearance Level
Top Secret SCI + Polygraph
Cyber Security
McLean, Virginia

REQ#: RQ121893

Travel Required: Less than 10%
Public Trust: None
Requisition Type: Regular

We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.

GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. Our work depends on a Cyber Forensics Analyst joining our team to support ODNI Customer activities at McLean, VA.

At GDIT, people are our differentiator. As a Cyber Forensics Analyst supporting the ODNI Customer, you will be trusted to work on innovative solutions that will transform and enhance the Enterprise IT environment to meet the growing global mission. In this role, a typical day will include:

  • Make recommendations for improving tactics, techniques, and procedures (TTPs) for enhanced protection of cyber assets.
  • Make recommendations for improving assessment techniques and characterization of attack sequence, stages, and impacts.
  • Perform file signature analysis.
  • Perform file system forensic analysis.
  • Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion. Ability to conduct forensic analyses in cloud environments.
  • Provide technical summary of findings in accordance with established reporting procedures.
  • Examine recovered data for information of relevance to the issue at hand.
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.


  • Current TS/SCI clearance with polygraph
  • BA/BS degree or 10+ years of relevant work experience
  • Extensive Computer Forensic Analyst and or Computer Network Defense CND Forensic Analyst experience, specializing in Cloud platform environments. Cyber Incident Response expert will conduct vulnerability scans and recognize vulnerability in security systems (e.g., Cloud Environments) AWS, Google, IBM, Azure, and Oracle.
  • Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis
  • Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments.
    • Forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
    • Analyzing volatile date
    • Processing digital evidence to include protecting and making legally sound copies of evidence
    • Anomalous detection as malicious or benign
  • CERTICATION:  Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP.
    • Investigative implications of hardware, Operating Systems, and network technologies.
    • Anti-forensics tactics, techniques, and procedures
    • Concepts and practices of processing digital forensic data
    • Preserving evidence integrity according to standard operating procedures or national standards
    • General attack strategies (e.g., MITRE ATT&CK Framework)
    • NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate
    • Independent Verification & Validation (IV&V) of security controls.


  • Full-flex work week
  • 401K with company match
  • Internal mobility team dedicated to helping you own your career
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Ability to make a real impact on the world around you

Not sure this job’s the one for you? Check out our other openings at





Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.” 

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.