Summary
Location
Washington
Type
full-time
Are you the employer? Manage your company page directly.
About this role
Who We’re Looking For (Position Overview):
We’re looking for an Intrusion Analyst to conduct intrusion-focused digital forensics across host and network evidence, reconstruct attack activity, and communicate findings that can stand up to investigative and legal scrutiny. This role is part of a digital forensics capability supporting complex cyber and computer intrusion cases.
The ideal candidate is a disciplined examiner with strong technical depth, excellent documentation habits, and the ability to explain complex intrusion activity to non-expert audiences.
\n- Intrusion-Focused Forensic Analysis
- Perform host- and network-based forensic analysis across Windows, Linux, macOS, and mobile platforms.
- Examine volatile memory, log exports, and pre-acquired datasets; identify IOCs and adversary TTPs; reconstruct timelines and scope.
- Tool-Driven Investigation & Automation
- Use forensic and analysis tooling such as Magnet Axiom, X-Ways, FTK, Volatility, Splunk, ELK Stack, and open-source utilities.
- Apply scripting/automation (Python, PowerShell, Bash) to accelerate artifact parsing and correlation.
- Reporting, Testimony Readiness & Quality
- Produce thorough documentation of findings and conclusions; communicate clearly for non-expert audiences.
- Successfully complete a mock examination and defend results in a practical courtroom exercise (Government-run).
- Operational Support
- Support mission needs that may drive irregular hours and location-specific requirements depending on investigative activity.
- Citizenship & Clearance
- U.S. Citizenship required.
- Active TS clearance with SCI eligibility required.
- Digital Forensics Depth
- Demonstrated experience with intrusion-focused forensic analysis across host/network artifacts and multiple OS platforms.
- Courtroom-Defensible Communication
- Strong writing and verbal communication skills; ability to present findings clearly and defend methodologies.
- Experience supporting rapid response investigative operations that may require extended/irregular hours.
- Experience correlating enterprise telemetry sources (security device logs, captures, cloud logs) to identify persistence, escalation, lateral movement, and exfiltration.
Other facts
About Spry Methods
Spry is a certified Small Business headquartered in McLean, VA. Spry provides Enterprise, C4IT, Management, and Cyber Solutions to the federal government and commercial entities. Founded in 2001, Spry Methods was built on the foundation of combining industry knowledge with unmatched responsiveness to produce results for our customers. Our goal is to build a business dedicated to the maximization of value for all stakeholders starting with our employees, our customers, and our community. We recognize that talented and dedicated employees are our most valued assets and the foundation of our success. Guided by these principles, we have established an impressive track record of proven past performance serving our customers within the Commercial, Federal Civilian, DoD, and Intelligence Communities. A CMMI Level 3 certified and ISO 9001:2008 registered company, Spry is committed to quality and continuous improvement.
What you'll do
- The Intrusion Analyst will conduct intrusion-focused digital forensics across host and network evidence, reconstruct attack activity, and communicate findings. This role supports complex cyber and computer intrusion cases.
Join Clera's Talent Pool
Get matched with similar opportunities at top startups
This role is hosted on Spry Methods's careers site.
Join our talent pool first to get notified about similar roles that match your profile.