Cyber Defense Forensics Lead

The U.S. Customs and Border Protection (CBP) Cyber Security Directorate (CSD) is leading one of the most comprehensive, mission critical cybersecurity operations in the federal governmentprotecting the digital infrastructure that safeguards Americas borders. This multifaceted program spans 24/7/365 Security Operations Center (SOC) monitoring, advanced threat intelligence, forensics, incident response,cloudand network security engineering, zero trust modernization, vulnerability assessment, and enterprise-wide risk and compliance activities. Key Leads on this program will guide teams at the forefront of national security, supporting sophisticated cyber operations that defend vital systems, enable secure mission execution, and counter rapidly evolving threats. You will find this work uniquely impactful, fast-paced, and deeply collaborative, offering the opportunity to lead high performing technical teams, shape CBPs cybersecurity strategy, and contribute directly to the protection of the nation.

MEANINGFUL WORK AND PERSONAL IMPACT

The Cyber Defense Forensics Lead is a senior technical leader driving CBPs enterprise digital forensics mission, supporting investigations ranging from malware intrusions to insider threats. You will:

• Oversee advanced endpoint, network, and cloud forensics; guide analysts through complex investigations; develop forensic methodologies and playbooks; and ensure the preservation, analysis, and reporting of evidence that informshighvisibilitysecurity decisions.

• Work oncuttingedgeforensic cases, shape lab capabilities, collaborate with law enforcement partners, and lead a team that plays a decisive role in protecting CBP systems from sophisticated adversaries.

WHAT YOULL NEED TO SUCCEED

• Top Secret (With SCI eligibility)clearance.

• Minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyberthreatsand information security.

• Minimum of five (5) years of hands-on experience with experience in the last two (2) years that includes host-based and network based security monitoring, identifying and analyzing anomalous activities with familiarity in insider threat monitoring software, host-based forensic tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, security operations ticket management.

• Ability to create insider threat focused dashboards,reportsand workflow diagrams.

• Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately;providingincident response capabilities to isolate and mitigate threats tomaintainconfidentiality, integrity, and availability for protected data.

• Experience with ad hoc training to junior members in a collaborative environment.

EDUCATION AND EXPERIENCE

• Bachelors degree in information technology, computer science,cybersecurityor a related field preferred.

• Previousor Current CBP Background Investigation desired.

• Maintains active Certified Information System Security Professional (CISSP).

OWN YOUR OPPORTUNITY
Explore a career in cyber security at GDIT andyoullfind endless opportunities to grow alongside colleagues who share your passion for securing the mission.