Host Based Cyber Systems Analyst III

About the position Responsibilities • Lead and coordinate forensic investigations in support of incident response engagements and post-compromise assessments. • Plan, direct, and execute the collection, examination, and analysis of host-based evidence across multiple operating systems and environments. • Acquire, preserve, and analyze digital artifacts (malware, volatile memory, registry data, user activity, logs, and executables) to support attribution and root-cause analysis. • Perform forensic triage to determine incident scope, urgency, and potential impact on enterprise operations. • Correlate host-level findings with network telemetry to reconstruct intrusion narratives and identify persistence or lateral movement. • Evaluate and dissect malicious code and executable behavior to identify tactics, techniques, and procedures (TTPs). • Maintain strict chain of custody and documentation standards to ensure evidence integrity. • Distill technical analysis into clear, actionable reports and executive summaries suitable for senior leadership and interagency partners. • Serve as a technical liaison to government stakeholders, explaining forensic methodologies, tools, and findings in both technical and operational terms. • Support the development of Computer Network Defense (CND) guidance, playbooks, and after-action reports based on investigative outcomes. Requirements • U.S. Citizenship (required) • Active TS/SCI clearance (required) • Ability to obtain DHS Entry on Duty (EOD) Suitability • 5+ years of hands-on experience conducting host-based or digital forensic investigations • Expertise in forensically sound data acquisition, duplication, and preservation • Proficiency in analyzing, categorizing, and reporting cyber attacks and system compromises • Strong knowledge of evidence handling procedures, documentation, and chain-of-custody standards • Familiarity with attack lifecycle phases and common adversary techniques • Comprehensive understanding of system and application security threats, vulnerabilities, and mitigation strategies • Experience performing host triage, live response, and volatile memory analysis • Proficiency with Windows, Linux/Unix, and related file systems • Demonstrated ability to collaborate across distributed teams in time-sensitive operational environments Nice-to-haves • Proficiency with two or more of the following forensic and analysis tools: EnCase, FTK, X-Ways, SIFT, Volatility, Sleuth Kit/Autopsy Wireshark, Splunk, Snort, or EDR tools (CrowdStrike, Carbon Black, SentinelOne) • Experience conducting malware reverse-engineering and all-source research • Understanding of threat actor TTPs and advanced intrusion methodologies • Strong communication skills for technical briefings and interagency coordination Benefits • Argo Cyber Systems empowers federal partners to outpace and outmaneuver adversaries through precision forensics, agile response, and mission-first cybersecurity operations. • As part of the DHS HIRT mission, you will be on the front lines of national cyber defense-supporting the investigation, containment, and recovery of the nation's most critical systems. Apply tot his job Apply tot his job