Title: DFIR Analyst

State Role Title: Info Technology Specialist II

Hiring Range: $80,000 - $110,000

Pay Band: 5

Agency: VA Information Tech Agency

Location: VA Information Technologies

Agency Website: https://www.vita.virginia.gov/

Recruitment Type: General Public - G

Job Duties

The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a DFIR Analyst with the Commonwealth Security and Risk Management Division.

The purpose of this position is to support the Commonwealth’s security incident response function by assisting in the collection, analysis, and documentation of cybersecurity incidents.

The Junior DFIR Analyst contributes to identifying potential threats, performing preliminary investigations, and helping classify incidents in alignment with Commonwealth policies and established response procedures.

This position supports agency security teams by gathering evidence, ensuring incident information is routed appropriately, and participating in authorized investigative tasks under supervision.

The role assists in maintaining digital forensics tools and lab resources, tracks emerging threats and vulnerabilities, and helps prepare routine reports and communication products that inform statewide cybersecurity awareness.

Success in this position requires strong attention to detail, critical thinking, and analytical curiosity.

The Junior DFIR Analyst must communicate clearly, collaborate effectively with team members and agency partners, and demonstrate professionalism, reliability, and a willingness to learn.

The role enhances the Commonwealth’s cybersecurity posture by contributing to timely incident response, strengthening investigative processes, and supporting continuous improvement efforts across CSRM.

Join VITA at The Boulders in Richmond, VA, where innovation meets impact! As the Commonwealth’s leading IT agency, we’re connecting, protecting, innovating, and powering Virginia’s digital future through collaboration, creativity, and purpose. Our team thrives in a vibrant, customer-focused environment that values growth, accountability, and forward thinking — all while making technology work for every corner of Virginia.

Minimum Qualifications

Experience with cybersecurity principles, including threats, vulnerabilities, and common attack vectors.

Experience with enterprise technologies including Windows and Linux systems, Active Directory basics, and common logging sources.

Considerable knowledge of incident response processes such as identification, containment, eradication, and recovery.

Experience using security tools (for example: SIEM platforms, endpoint protection tools, or log analysis utilities).

Foundational knowledge of networking concepts such as TCP/IP, DNS, routing, and firewalls.

Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).

Experience in meeting deadlines.

Experience working with internal and external stakeholders.

Experience with interpretation and application of federal, state laws/regulations/standards/policies.

Additional Considerations

Hands-on experience with SIEM platforms (such as Splunk, Sentinel, or QRadar) including creating basic queries or dashboards.

Exposure to digital forensics concepts, such as memory analysis, disk imaging, or network packet capture review.

Familiarity with common cybersecurity frameworks or standards like MITRE ATT&CK, NIST 800 61, or CIS Controls.

Familiarity with COVA security standards (SEC501, SEC519, SEC525) and requirements for incident reporting and documentation.

Foundational scripting ability in Python, PowerShell, or Bash to automate simple tasks or parse log data.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

This position is eligible for one (1) day telework.

Applicants must consent to a fingerprint background check.

The Commonwealth of Virginia welcomes all applicants authorized to work in the United States. Sponsorship is not provided; therefore, applicants must be a citizen or national of the U.S., a Lawful Permanent Resident, or an alien authorized to work.

State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, cover letters, etc. in any other format. Please refer to “Your Application” in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.

Reasonable accommodations are available to persons with disabilities during the application and/or interview processes per the Americans with Disabilities Act.

VITA is a “Virginia Values Veterans” (V3) official certified state agency that provides hiring preference to Veterans and Members of the Virginia National Guard in support of Executive Order 29, (2010). If you are a Veteran or Virginia National Guard Member, we encourage you to apply and receive preference in the hiring process. AmeriCorps, Peace Corps and other national service alumni also are encouraged to apply.

Contact Information

Name: VITA Human Resources

Phone: Recruitment@vita.virginia.gov

Email: Recruitment@vita.virginia.gov

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.