06 Apr, 2022

Senior Digital Forensics Analyst

  • ManTech
  • Bethesda, MD
Full time Analyst

Job Description

ManTech provides mission-focused technology solutions and services for U.S. defense, intelligence and federal civilian agencies. In business for more than 52 years, we excel in full-spectrum cyber, data collection & analytics, enterprise IT, and systems and software engineering solutions that support national and homeland security. More than 9,300 talented professionals around the globe make up the ManTech family and nearly half are veterans.

The Technical Exploitation Support Services team is critical in supporting DoD, Federal, and IC partners’ Global War on Terrorism efforts by providing state-of-the-art technical exploitation and collection capabilities in digital media exploitation triage and automation, advanced technical Media Exploitation (MEDEX), and advanced Mobile Device Exploitation. Activities include digital forensics activities, software reverse engineering, hardware exploitation, parser development, reverse engineering, mobile applications development and engineering, and technical exploitation.

Currently, ManTech is seeking a Senior Digital Forensics Analyst specialized in MEDEX and Technical Exploitation capabilities to join our team in Bethesda, MD.

Responsibilities include, but are not limited to:

  • Bit-level device acquisition of PCs, Macs, smartphones and other devices.
  • Knowledge of solutions tracking enemy TTPs and exploiting weaknesses in the use of anti-forensic tools.
  • Technical exploitation tool and script development, artifact pattern analysis, exploitation, and cross set link analysis of digital media ranging from dumb phones, smartphones, Macs, Windows PCs, Linux PCs and other devices.
  • Technical Exploitation capabilities to include: Various Operating Systems and file systems, internet history analysis, registry analysis, application analysis, and database analysis. 
  • Provide capability in hardware configuration, network/data communications, software development, scripting, and database exploitation.
  • Researching emerging trends, capabilities, and technology.
  • Comfortable executing Python scripts, SQL queries, and other CLI commands.
  • Technical Exploitation capabilities to include expertise in various operating systems and file systems.
  • Analysis and exploitation to include pattern recognition and cross set link analysis of forensic artifacts to include but not limited to internet history, registry, applications, virtual machines, backups, databases, and communications such as messaging and social media.
  • Provide global Technical Exploitation response capabilities to include pattern of life and behavioral analysis through media examinations; deployable technical exploitation personnel to meet DOD & partner contingency requirements; and expert multi-functional exploitation expertise. Coordinate with customer operations on technical exploitation platform & training related issues.

Basic Qualifications:

  • Bachelor’s degree in Science, Technology, Engineering and Mathematics (STEM) discipline preferred (or equivalent work experience) and a minimum of 4 or more years of demonstrated technical exploitation experience and skills such as computer forensics, technical exploitation, reverse engineering, and/or malware analysis.
  • Industry standard forensic certifications such as: EnCase Certified Examiner (EnCE), AccessData Certified Examiner (ACE), Certified Computer Examiner (CCE), or EC-Council, ISACA, (ISC)2, & GIAC related forensic certifications.
  • Department of Defense (DoD) 8570 Compliant, IAT Level II or ability to obtain at the beginning of employment.
  • Experience and/or certified in two or more of the following commercial forensic tools: Axiom, EnCase, X-Ways, Blackbag, Physical Analyzer, and Oxygen.
  • Ability to design, implement and document computer forensics services to include evidence seizure, computer forensic analysis and data recovery.
  • Ability to convey technical information effectively and concisely to a wide range of audiences, to include presentations, briefings, and technical intelligence reports.
  • Willing to travel CONUS and/or OCONUS on TDY to include war zones.
  • Must meet CENTCOM physical and physiological deployment requirements to include carrying a weapon, before commencement of work.

Preferred Qualifications:

  • Experience in intelligence reporting, investigations, and/or targeting a plus.
  • Experience conducting link analysis and Pattern of Life studies.
  • Experience writing Python scripts and SQL queries preferred.
  • Experience in cross collection exploitation and analysis to include discovery of applications of interest used across sets by target groups, and of tactics, techniques, and procedures employed by target groups.
  • Experience in hardware and/or firmware exploitation.

Security Clearance Requirements:

  • Active TS/SCI clearance with a Counterintelligence (CI) Polygraph or ability to obtain a CI Polygraph before the start date.

ManTech Offers Opportunities and Resources to Launch Your Career such as:

  • Fully-paid Bachelor's and Master's Degree Programs.
  • Free Certifications such as CISSP and Certified Ethical Hacker (CEH).
  • Free Online Skills Learning in big data, networking, systems administration, cloud computing, DevOps, CNO, cybersecurity, and software development.
  • Free Test Preparation for Security+, PMP, CISSP, and AWS—just to name a few.   
  • Career Mobility Program provides a process for career guidance, development, advice, and advocacy for employees.
  • Technical Recognition Awards are generous Cash Awards to Recognize Employees for outstanding technical achievement. 
  • Academic Partnership with MIT.
  • Training and conference opportunities, plus the industry-leading cyber courses to include the Advanced Cyber Training Program (ACTP).

Other Amazing Benefits Include:

  • 20 days PTO, plus 10 holidays
  • PTO sellback
  • PTO carryover of up to 240 hours
  • Up to 5% 401k match
  • Up to 4 weeks parental leave
  • Early Bird Special: Can start work at 5:00 or 6:00 AM for easier commuting time