Digital Forensics Investigations and Cybersecurity Analyst

The Digital Forensics Investigations and Cybersecurity Analyst provides technical, investigative, and analytical support related to digital evidence and cyber incidents, coordinating with City of Dubuque IT in partnership with law enforcement and translating complex technical information for non-technical audiences.

Responsibilities

• Provide technical support during criminal, administrative, and intelligence investigations involving electronic evidence across computers, mobile devices, cloud platforms, networks, and digital accounts.
• Work under the direction of the CISO to support cybersecurity operations, digital evidence processes, and investigative technology needs.
• Identify, collect, preserve, and document digital evidence following chain-of-custody procedures, legal requirements, and departmental standards.
• Analyze logs, endpoint data, email activity, account usage, browser history, metadata, registry artifacts, and cloud-based records to identify relevant activity and investigative leads.
• Support investigations involving cybercrime, fraud, unauthorized access, account compromise, malware, data exfiltration, or other technology-related offenses.
• Assist with identifying indicators of compromise, suspicious behaviors, vulnerabilities, and cybersecurity risks affecting City systems.
• Support incident response activities related to intrusions, malware, credential compromise, or unauthorized access.
• Prepare clear and defensible technical reports that summarize methods, findings, timelines, and conclusions.
• Present technical findings to investigators, supervisors, prosecutors, and other stakeholders.
• Coordinate with the CISO, prosecutors, investigators, outside agencies, and approved vendors regarding evidence handling and cybersecurity matters.
• Testify in court as needed regarding digital evidence or technical findings.
• Assist in developing and maintaining procedures for digital evidence handling, cybersecurity response, and secure technology practices.
• Provide training and guidance to authorized staff on digital evidence preservation, cyber awareness, and secure practices.
• Maintain current knowledge of forensic, cybersecurity, and investigative tools and methods.
• Perform other related duties as assigned.

Requirements

• Digital Evidence and Forensics – Knowledge of identifying, collecting, preserving, analyzing, and documenting digital evidence from computers, mobile devices, cloud environments, user accounts, and related systems.
• Cybersecurity Operations – Knowledge of incident response, threat detection, malware behavior, unauthorized access, account compromise, indicators of compromise, and protection of sensitive information systems.
• Law Enforcement Support – Understanding the role technology plays in criminal investigations, administrative reviews, intelligence functions, and interagency coordination.
• Law and Government – Familiarity with applicable laws, court procedures, evidentiary requirements, privacy considerations, search and seizure principles, and government regulations related to digital investigations and public-sector technology operations.
• Public Safety and Security – Knowledge of procedures and practices that support public safety operations, secure law enforcement environments, and protection of criminal justice information.
• Standards and Compliance – Awareness of CJIS Security Policy, NIST guidance, ISO/IEC 27037, chain-of-custody practices, and applicable privacy or regulatory requirements.
• Operating Systems and File Systems – Knowledge of Windows, Linux, and macOS, common file systems, endpoint artifacts, user activity traces, and system-generated records.
• Networks, Systems, and Cloud Platforms – Understanding of networking concepts, logging, authentication, cloud services, account management, and enterprise technologies encountered during investigations and cybersecurity reviews.
• Analytical Ability – Ability to collect, correlate, and interpret technical data from multiple sources; recognize patterns and anomalies; and develop logical, evidence-based conclusions.
• Technical Communication – Capability to prepare clear, organized documentation, reports, and summaries, and explain complex technical information to non-technical audiences.
• Collaboration and Coordination – Ability to work effectively with the CISO, law enforcement personnel, attorneys, outside agencies, and other stakeholders in a team-based environment.
• Training and Guidance – Capacity to provide instruction and practical guidance on digital evidence handling, cyber awareness, and investigative technology matters.
• Confidentiality and Professional Judgment – Ability to handle highly sensitive information with discretion, maintain evidentiary integrity, and uphold ethical standards.
• Adaptability and Continuous Learning – Willingness to stay current with evolving technology, cybersecurity threats, investigative tools, and legal considerations.

Technologies

• Windows
• Linux
• macOS
• CJIS Security Policy
• NIST guidance
• ISO/IEC 27037

Supplemental Information

• Residency Requirement: Principal place of residence within fifty miles of the city limits of Dubuque, to be established as soon as practicable after appointment and no later than two years.

Supervisory Status

• None

FLSA Status

• Exempt