Center for Internet Security, Inc.

Cyber Incident Response Team Forensic Analyst - Remote

Job Locations US
Cybersecurity Operations
Regular Full-Time


The primary purpose of this position is to work as a member of the Multi-State Information Sharing and Analysis Center (MS-ISAC)/Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Cyber Incident Response Team (CIRT) to help respond to cyber incidents impacting State, Local, Tribal and Territorial governments.


The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.


Salary Range: $79,100 - $109,800
We offer a competitive total rewards package at the Center for Internet Security:
  • Base salary is determined on a number of factors including, but not limited to, education, experience and skills.
  • Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
  • $500 wellness card for Health Coverage Participants
  • 401(k) with 4% Company Match, vested from the first day of hire
  • Flexible Spending Account (FSA) & Dependent Care Account (DCA)
  • Life Insurance
  • Bonding Leave
  • Paid Volunteering Program
  • Bonus eligibility
  • Paid Time Off (PTO) inclusive of vacation, personal and sick time
  • Paid Holidays
  • Wellness Program
  • Employee Engagement Activities
  • Professional Development Opportunities
  • Tuition Reimbursement
  • Student Loan PayDown Program
  • Employee Referral program
  • Employee Assistance Program

What You'll Do

  • Provide Incident Response, Computer Forensics, and Malware Analysis services to State, Local, Tribal, and Territorial (SLTT) governments, as well as internal teams at CIS
  • Perform forensic analysis in response to cyber-attacks and computer security breaches on compromised external SLTT systems and networks, with diverse architecture, operating systems, and size, to identify the extent and nature of the compromise and provide recommendations on containment, eradication, and remediation steps. Collect, preserve, and analyze digital evidence
  • Conduct incident response calls with SLTT governments as well as 3rd party vendors, external incident response teams, and/or cyber insurance companies
  • Guide partners through the incident response process and technical investigations, utilizing emotional intelligence and excellent verbal communication skills effective for coaching and supporting victims in response to crisis, specifically cyber-attacks
  • Provide consultation to 3rd party SLTT government organizations with diverse technical backgrounds and skill sets. This includes review and analysis of external networks, typically unknown to CIRT
  • Routinely prepare written technical documentation and reports of findings, along with recommendations, that result from cases involving forensic analysis and incident response
  • Perform consultation services in conjunction with incident response planning and best practices, periodically delivered in presentations, webinars, blogs, and podcasts
  • Assist with the identification of indicators of compromise (IOCs) from SLTT networks to support community network defense
  • Perform cross-collaboration with other MS-ISAC and CIS teams in order to provide excellent cybersecurity services
  • Provide support and/or research for any security-related questions or incidents reported from MS-ISAC/EI-ISAC members
  • Assist with the analysis of previously undisclosed software and hardware vulnerabilities
  • Perform tasks independently with some oversight
  • Other tasks and responsibilities as assigned

What You'll Need

  • Bachelor’s degree in Digital Forensics, Cybersecurity, Computer Science, or a related field*
  • 2+ years’ experience as a Security/Network Administrator or equivalent knowledge
  • Knowledge of incident response procedures, processes, and techniques
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of various host and network-based security controls
  • Working knowledge of networking and Windows fundamentals, specifically protocols, internal tools, server infrastructure, monitoring software, etc.
  • Working knowledge of various operating systems, such as Windows, Linux, and macOS
  • The position is open to U.S. Citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
  • Must be authorized to work in the United States

It's a Plus if You Have:

  • 3+ years' experience with Incident Response, Forensics, and/or Malware Analysis
  • Experience with scripting or markup languages such as Python, Windows PowerShell or Go
  • Experience delivering and explaining technical presentations and reports to both technical and non-technical audiences
  • Knowledge of adversarial tactics, techniques, and procedures. Additionally, understanding how to map these to the MITRE framework
  • Familiarity with interpreting, querying and accessing various log types (e.g., Windows Event, Web server, Firewall logs, etc.)
  • Working knowledge of forensic methodologies and related tools such as Magnet AXIOM, CyberTriage, SANS SIFT, and Kroll’s KAPE. Additionally, familiarity with open-source tooling such as the Eric Zimmerman toolset, etc.
  • Certifications in related areas (e.g., GCIH, GCFA, GCFE, ECIH, CySA+, CCFE, CFCE, etc.)
  • Experience in conducting threat hunting in a SIEM, EDR suite, and/or manual network investigations
  • Demonstrated history of service to the community, either in a volunteer or professional capacity

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.


**Factors that may cause a negative Fitness Review decision include:

  • Criminal Conduct
  • Dishonest Conduct
  • Employment Misconduct
  • Alcohol Abuse
  • Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction)
  • False Statements
  • Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.

