×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Digital Media / Production Data Security

Defensive Cyber Operations Forensic Analyst Tier III

Job in North Charleston, Charleston County, South Carolina, 29405, USA
Listing for: Adapt Forward
Full Time position
Listed on 2026-01-19
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Digital Media / Production, Data Security
Job Description & How to Apply Below

DCO Watch Forensics Analyst Tier 3

North Charleston, SC

Secret Clearance, with ability to obtain TS/SCI

As a Tier 3 Defensive Cyber Operations (DCO) Watch Forensics Analyst, you will be responsible for leading complex digital forensic investigations on compromised systems across both unclassified and classified networks. You will be responsible for the entire forensic lifecycle, including the collection and preservation of digital evidence, in-depth analysis of host and network artifacts to determine the timeline and scope of intrusions, and the creation of detailed Forensic Summary Reports (FSRs).

You will leverage deep technical expertise in file systems, operating system internals, and memory analysis to uncover evidence of attacker activity, support large-scale incident response campaigns, and provide actionable intelligence to enhance detection and mitigation strategies.

Position Requirements and Duties
  • Examine system, software, security, and user hives for evidence of program execution, USB usage, network connections, and user activity
  • Execute forensic imaging of computers and storage media
  • Acquire and analyze digital evidence using industry-standard forensic tools and techniques on Windows and Linux systems including prefetch, jump lists, shellbags, and other operating system specific artifacts
  • Acquire and analyze memory captures to recover additional artifacts and evidence
  • Decode and interpret various file formats and digital communications
  • In-depth understanding of digital forensic methodologies, incident response workflows, and forensic tools
  • Perform advanced network and host-based digital forensics on Windows and other operating systems to support incident investigations
  • Coordinate with reporting agencies and subscriber sites to ensure comprehensive analysis and reporting of significant incidents
  • Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and other directives
  • Provide 24/7 support for incident response during non-core hours, and mentor junior analysts
  • Lead program reviews, product evaluations, and onsite certification evaluations
  • Overtime may be required to support incident response actions (Surge)
  • Up to 10% travel may be required, may include international travel
  • Must maintain a current US passport
Minimum Qualifications
  • Bachelor’s Degree in relevant discipline and 3 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
  • At least 2 years of hands‑on experience conducting digital forensic investigations utilizing enterprise forensic suites (e.g., EnCase, FTK, Axiom, etc.) to acquire, preserve, and analyze evidence from Windows and/or Linux systems
  • At least 1 year of experience performing detailed host‑based and/or memory forensics by utilizing frameworks such as Volatility or Rekall to identify running processes, network connections, and injected code
  • Must be a U.S. Citizen
Desired Qualifications
  • Extensive experience with Digital Forensics across multiple operating systems
  • Demonstrated expert‑level knowledge of Incident Response Procedures
  • Expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis
  • Experience conducting forensic investigations in cloud environments, including analysis of cloud‑native logs and acquisition of virtual machine snapshots
  • Proficiency in scripting (e.g., using Python, Power Shell) to automate forensic tasks, such as parsing custom log formats, automating timeline creation, or bulk‑analyzing artifacts
  • Possession of a recognized digital forensics certification, such as GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), EnCase Certified Examiner (EnCE), or Access Data Certified Examiner (ACE)
  • Demonstrated passion for digital forensics through active participation in DFIR‑focused challenges on platforms such as Cyber Defenders, Blue Team Labs  Online, or the "Sherlocks" category on Hack The Box
Required Certifications
  • Must have DoD 8570 IAT Level II and CSSP IR compliant certifications
Company Overview

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. Leveraging advanced threat…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search