What are the responsibilities and job description for the HHS - Digital Forensics/Threat Hunter position at cFocus Software Incorporated?
cFocus Software seeks a Digital Forensics/Threat Hunter to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:
Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Digital Forensics, or related field.
- Minimum 6–9 years of experience in digital forensics, threat hunting, or incident response.
- Hands-on experience with forensic tools (EnCase, FTK, Volatility) and EDR platforms.
- Strong understanding of NIST SP 800-61, NIST SP 800-86, NIST SP 800-53, and federal IR requirements.
- Experience analyzing endpoint, network, cloud, and log-based forensic data.
- Familiarity with malware analysis, scripting, and attacker tradecraft.
- Strong written and verbal communication skills.
- GCFA, GCIH, GNFA, CISSP, or CEH (preferred)
- Conduct proactive threat hunting using hypothesis-driven techniques, MITRE ATT&CK mapping, and behavioral analytics.
- Perform digital forensic acquisition and analysis of endpoints, servers, cloud workloads, and network artifacts.
- Investigate advanced threats, ransomware, insider threats, data exfiltration, and persistent adversary activity.
- Analyze malware, scripts, and suspicious binaries including reverse engineering when required.
- Identify Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and attack timelines.
- Maintain forensic chain-of-custody and evidence integrity for legal and regulatory purposes.
- Support incident containment, eradication, and recovery actions in coordination with SOC and IR teams.
- Develop and maintain forensic and threat hunting SOPs, playbooks, and workflows.
- Produce forensic reports, threat hunting reports, and incident documentation within defined SLAs.
- Support FOIA searches, OGC litigation holds, and OIG criminal investigations.
- Maintain and tune forensic and threat hunting tools within the SOC ecosystem.
- Collaborate with CISA, HHS CSIRC, and HRSA stakeholders during investigations.
- Participate in cyber exercises, tabletop exercises, and after-action reviews.
- Provide recommendations to improve detection, logging, and incident response capabilities.