Cyber Forensics Analyst

ECS is seeking a Cyber Forensics Analyst to work in our Portland, OR office.  

The Forensics Analyst Mid performs hands-on forensic analysis and malware investigation activities in support of SOC security investigations, incident response, routine memory checks, and advanced threat hunting. This role uses industry-standard forensic tools and strong investigative skills to collect, analyze, and document technical evidence. 

The ideal candidate has solid cybersecurity experience, strong written communication skills, and the ability to operate resourcefully and independently while coordinating with SOC teams, data centers, and senior forensic personnel during investigations. 

Key Responsibilities 

Digital Forensics and Investigation 

• Perform forensic analysis using industry-standard forensic tools and open-source DFIR utilities. 

• Assist with forensic investigations involving endpoints, servers, malware, and cyber incidents. 

• Analyze Windows Registry, Windows System Calls, Linux artifacts, file system data, logs, and memory artifacts. 

• Create findings and technical notes that support investigative conclusions and remediation actions. 

Malware Analysis and IOC Development 

• Analyze malware in a lab environment using standard malware analysis techniques. 

• Create IOCs based on forensic and malware findings for sharing with SOC and security teams. 

• Support Java code de-obfuscation and technical analysis activities within the analyst skill level. 

• Escalate complex malware or reverse-engineering requirements to senior analysts or the FMAT Lead. 

SOC and Incident Response Support 

• Assist the SOC with security investigations and incident response activities. 

• Conduct routine memory checks on Linux and Windows servers as directed. 

• Support proactive malware analysis, incident response, and advanced threat hunting activities. 

• Communicate with different teams and data centers during investigations. 

Reporting and Collaboration 

• Create clear investigation reports, forensic summaries, and supporting documentation. 

• Communicate findings effectively to SOC analysts, incident responders, data center teams, and leadership. 

• Apply strong investigative, research, and problem-solving skills to ambiguous technical issues. 

• Contribute to repeatable forensic procedures, knowledge sharing, and continuous process improvement. 

• U.S. Citizenship with ability to obtain and maintain a DOE “L” clearance after start.
• 5 to 8 years of experience in cybersecurity, digital forensics, incident response, or related cyber investigation work. 

• Experience performing forensic analysis using industry-standard forensic tools and open-source tools. 

• Familiarity with Windows Registry, Windows System Calls, Linux operating systems, and Java code de-obfuscation. 

• Hands-on experience with Volatility or other memory forensics tools, FTK, and Wireshark. 

• Ability to create IOCs based on forensic analysis and share them with other security teams. 

• Ability to analyze malware in a lab environment using standard malware analysis techniques. 

• Experience performing or supporting forensic investigations and incident response activities. 

• Excellent written communication, resourcefulness, investigative ability, research skills, and problem-solving skills.