Cyber Defense Forensics Lead

Cyber Defense Forensics Lead  

The U.S. Customs and Border Protection (CBP) Cyber Security Directorate (CSD) is leading one of the most comprehensive, mission critical cybersecurity operations in the federal government—protecting the digital infrastructure that safeguards America’s borders. This multifaceted program spans 24/7/365 Security Operations Center (SOC) monitoring, advanced threat intelligence, forensics, incident response, cloud and network security engineering, zero trust modernization, vulnerability assessment, and enterprise-wide risk and compliance activities. Key Leads on this program will guide teams at the forefront of national security, supporting sophisticated cyber operations that defend vital systems, enable secure mission execution, and counter rapidly evolving threats. You will find this work uniquely impactful, fast-paced, and deeply collaborative, offering the opportunity to lead high performing technical teams, shape CBP’s cybersecurity strategy, and contribute directly to the protection of the nation. 

MEANINGFUL WORK AND PERSONAL IMPACT 

The Cyber Defense Forensics Lead is a senior technical leader driving CBP’s enterprise digital forensics mission, supporting investigations ranging from malware intrusions to insider threats. You will: 

• Oversee advanced endpoint, network, and cloud forensics; guide analysts through complex investigations; develop forensic methodologies and playbooks; and ensure the preservation, analysis, and reporting of evidence that informs high visibility security decisions.  

• Work on cutting edge forensic cases, shape lab capabilities, collaborate with law enforcement partners, and lead a team that plays a decisive role in protecting CBP systems from sophisticated adversaries.  

WHAT YOU’LL NEED TO SUCCEED 

• Top Secret (With SCI eligibility) clearance. 

• Minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats and information security.  

• Minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network based security monitoring, identifying and analyzing anomalous activities with familiarity in insider threat monitoring software, host-based forensic tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, security operations ticket management.  

• Ability to create insider threat focused dashboards, reports and workflow diagrams.  

• Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data.  

• Experience with ad hoc training to junior members in a collaborative environment.  

EDUCATION AND EXPERIENCE 

• Bachelor’s degree in information technology, computer science, cybersecurity or a related field preferred. 

• Previous or Current CBP Background Investigation desired. 

OWN YOUR OPPORTUNITY 
Explore a career in cyber security at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your passion for securing the mission.