Cybersecurity Forensic Analyst

Clearance Level
Cyber Security
Washington, District of Columbia

REQ#: RQ126439

Travel Required: Less than 10%
Public Trust: NACI (T1)
Requisition Type: Pipeline

We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.

GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter.

As a Cybersecurity Forensic Analyst, you will be trusted to support work on a program involving Cybersecurity Engineering and Compliance, Risk Management Assessment, Authorization and Accreditation, Threat Intelligence, Threat Detection, Incident Management and Response, Vulnerability Management, Penetration Testing, and Identity and Access Management.

At GDIT, people are our differentiator. In this role, a typical day will include:

  • Investigate violations of Information Security Policies by analyzing forensic data using standard security tools and processes
  • Conduct forensic examinations of electronic evidence, including computer-related equipment, and mobile devices
  • Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
  • Uses timestamps and logs (host and network) to develop authoritative timelines of activity
  • Finds evidence of deleted files and hidden data
  • Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
  • Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
  • Identifies different classes of attacks and attack stages
  • Evaluates, extracts and analyzes suspected malicious code
  • Employs forensic tools and techniques to crack file and system passwords, detects steganography and recovers deleted, fragmented and corrupted data from digital media
  • Perform response investigation and point-in-time cybersecurity forensics assessments, to determine attacker activity on enterprise systems
  • Perform forensic data collections and basic forensic analysis
  • Maintain forensic tool set by staying current on version updates and new options in the market
  • Manage all chain of custody best practices associated with the rules of evidence
  • Support development of Disaster Recovery and Business Continuity strategies
  • Perform timely receipt, tracking, and response to eDiscovery and computer forensic requests to meet audit, compliance and legal requirements.
  • Physically disassemble and reassemble computers and related hardware.
  • Collect, document, transport, label, and secure evidence during forensic processing.


  • Bachelor’s Degree in Computer Science, Information Technology or Information Security
  • Eight (8) years of experience performing IT security activities
  • Two (2) years of experience performing malware analysis in support of incident analysis and response.
  • Certifications (One or more of the following): GCFE – GIAC Certified Forensic Examiner; GCFA – GIAC Certified Forensic Analyst (better than GCFE); GREM – GIAC Reverse Engineering Malware; Encase, SANS Institute Forensic Toolkit (SIFT) or FTK vendor certifications and product experience; CISM - Certified Information Security Manager
  • Public Trust clearance capability with National Agency Check with Inquiries (NACI)


  • Full-flex work week 
  • 401K with company match 
  • Challenging work that makes a real impact on the world around you 
  • Diverse, highly collaborative teams 

The security clearance for this program requires the selected candidate to have resided in the US for the past five years. The selected candidate cannot have left the country for longer than 90 consecutive days and no more than 180 cumulative days.  We can only accept Green Card Holders or US Citizens for this program. 

#gditcareers #gcfe #cybersecurity

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.