Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
MITRE’s Digital Investigations Department (L515) delivers innovative technical solutions and capabilities primarily focused on support to law enforcement and investigative cyber operations conducted by sponsors, most notably within DOJ, DHS, and DoW. The department’s core technology areas are:
- Digital Investigations and Cases
- Digital/Media/Mobile Device Access and Forensics
- Digital Artifact Discovery
- Digital Evidence Processing
- Cryptocurrency Analysis and Seizure
- Cyber Attribution
- Darkweb Research
- Financial Cybercrime Analysis
- Social Media Exploitation
Roles & Responsibilities:
- Conduct digital investigations related to cybersecurity incidents, insider threat concerns, policy violations, and suspicious activity.
- Collect, preserve, analyze, and document digital evidence from endpoints, servers, mobile devices, cloud environments, logs, and network sources.
- Support cybersecurity operations by triaging alerts, correlating threat activity, and assisting with incident response and containment efforts.
- Perform forensic analysis using industry-standard tools and methodologies to determine attack vectors, timeline of events, impacted systems, and scope of compromise.
- Maintain chain of custody and proper evidence handling procedures in support of internal investigations and potential legal or regulatory matters.
- Analyze system, application, security, and network logs to identify indicators of compromise and anomalous behavior.
- Collaborate with Security Operations Center, Threat Intelligence, IT, HR, Legal, and Compliance teams during investigations.
- Prepare clear, concise, and defensible investigative reports, briefings, and technical documentation for both technical and non-technical audiences.
- Assist in developing and improving digital investigation procedures, playbooks, and evidence collection standards.
- Recommend remediation and mitigation actions based on investigative findings.
- Stay current on emerging cyber threats, attacker tactics, forensic techniques, and relevant technologies.
Basic Qualifications:
- Typically requires a Bachelor’s degree and a minimum of 2 years of related experience; or an advanced degree with relevant experience and the ability to contribute immediately at this job step; or an equivalent combination of related education
- Experience supporting investigations involving endpoints, operating systems, user activity, malware, or network-based threats.
- Familiarity with common forensic and investigative tools, SIEM platforms, endpoint detection and response tools, and log analysis solutions.
- Knowledge of incident response processes, digital evidence handling, and forensic best practices.
- Understanding of Windows, Linux, and/or macOS operating systems and associated artifacts relevant to investigations.
- Strong analytical, problem-solving, and documentation skills.
- Ability to communicate investigative findings clearly to technical and non-technical stakeholders.
- This position requires a minimum of 4 days a week on-site.
Preferred Qualifications:
- Experience in a Security Operations Center, Computer Security Incident Response Team, or digital forensics function.
- Familiarity with cloud investigation techniques in environments such as Azure, AWS, or Google Cloud.
- Experience with eDiscovery, insider threat investigations, or fraud-related digital analysis.
- Exposure to malware analysis, threat hunting, or network forensics.
- Relevant certifications such as Security+, CySA+, GCFA, GCIH, GCFE, EnCE, CHFI, or similar.
- Knowledge of regulatory, compliance, and privacy considerations related to investigations.
This requisition requires the candidate to have a minimum of the following clearance(s):
None
This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):
None
Salary compensation range and midpoint:
$103,600 (minimum) - $129,500 (midpoint) - $155,400 (maximum) Annual
Work Location Type:
Onsite
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here.
Copyright © 1997-2026, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.