Senior Cyber Forensics Analyst

CNA, 3003 Washington Blvd, Arlington, Virginia, United States of America Req #481
Monday, March 13, 2023


The Senior Cyber Forensics Analyst responsibilities include producing Insider Threat Referral Reports (e.g., investigative leads) that document computer misuse, violations of policies, counterintelligence concerns, foreign influence, financial stressors, threats to self or others, and be able to provide continuous monitoring capabilities. In addition, access network monitoring, data analytic, integrate available information, decipher underlying trends and anomalies, and discern obscure patterns found in the data. Lead the management of the Insider Threat Program in accordance with government regulations to include the NISPOM and guidance from DCSA, DISA, Navy, and other government agencies.
CNA fosters an inclusive culture that values diverse backgrounds and perspectives. Our flexible and engaging work environment encourages iterative and creative collaboration at every stage of the problem solving process. Our employees are committed to helping clients develop effective solutions to better manage their programs through scientific, data-driven approaches. We are looking for creative and innovative individuals to help carry out our mission. 



  1. Lead the Insider Threat operational program, including the development of playbooks and workflows for monitoring against potential insider risks.
  2. Implement DoD and industry standards for best practices regarding insider threat programs, including development and maintenance of OCIO and CISO gap analyses and implement roadmaps.
  3. Develop and improve insider threat modeling that leverages user behavior and automate solutions.
  4. Ability to perform deep analysis of captured malicious code (e.g., malware forensics) and develop actionable threat intelligence to provide to cyber leadership to make risk informed decisions.
  5. Use analytics to pinpoint and prioritize threats found amongst large amounts of sensitive data from disparate data sources (e.g., log correlation) and provide recommendations on how best to mitigate such threats.
  6. Conduct proactive hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools. Respond, investigate, and prevent cyber-attacks and breaches while maintaining strict confidentiality. Perform incident response and forensics activities. Provide detailed briefings and reports post-incident as well as ongoing support.
  7. Knowledge of operating systems internals, OS security mitigations, understanding of security challenges in Windows, Linux, Mac, Android, and iOS platforms.
  8. Clearly communicate and collaborate with internal teammates and cross-business stakeholders (e.g., Legal, HR, Audit) to support investigations and e. Discovery requests.
  9. Serve as a mentor within the CSO organization
  10. Perform other duties as assigned.   



1. Education: Bachelor’s degree in Cyber Security, Information Technology, Engineering, or related field or equivalent combination of education and work experience required. One or more of the following certifications required: Exterro FTK ACE (AccessData Certified Examiner, CCTHP (Certified Cyber Threat Hunting Professional), GCFA (GIAC Certified Forensic Analyst).


2. Experience: Minimum of 10 years demonstrated cyber forensics and Cyber Threat Hunt experience. Ability to detect and report on malicious and inadvertent Insider Threats.


3. Skills:  Must have proficiency in a variety of cyber tools such as Splunk User Behavior Analytics, Carbon Black, Proofpoint, IDS/IPS and deep packet capture analysis. Must know and be able to take all actions required to ensure compliance with all Government security regulations and contractual requirements. Excellent communication and interpersonal skills with the ability to generate trust and build relationships. Must be able to make decisions to advise staff on appropriate actions regarding all security-related actions.


4. Other:  On-call availability outside of normal working hours. Ability to obtain and maintain a Top-Secret level security clearance upon hire.


5. Remote/Hybrid Work Eligibility: This position is eligible for telecommuting or hybrid work arrangements at the discretion of the Supervisor. Employees may be required to work at CNA headquarters or other work locations resulting in changes to the scheduled telecommuting or hybrid work arrangements.

***Voluntary (but highly desired) document***
Please include a personal statement as part of your application. A personal statement is a chance for us to get to know you. The statement is your opportunity to share your goals, interests, influences and show us that you will be a valuable asset to our organization. Please click here for personal statement guidelines – Click here
Personal statements will not be used as an elimination criteria for this position. They will only be used to enhance a candidate’s application

CNA is committed to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service and protected veterans, or other non-merit based factors. In addition to federal legal requirements, CNA complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. These protections extend to all terms and conditions of employment, including recruiting and hiring practices, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training and career development programs. For more information about EEO protections, please view the EEO is the law posters here: "EEO is the Law" Poster""EEO Poster Supplement". The pay transparency policy is available here: Pay Transparency Nondiscrimination Poster. To be considered for hire, all individuals applying for positions with CNA are subject to a background investigation. For positions requiring access to classified information, U.S. citizenship is required. Individuals will also be subject to an additional government background investigation, and continued employment eligibility is contingent upon the ability to obtain and maintain an active security clearance.

Other details

  • Job Family Security
  • Job Function Career Path III - Professional
  • Employment Indicator (none)
Location on Google Maps
  • CNA, 3003 Washington Blvd, Arlington, Virginia, United States of America