State of Minnesota

Job Summary

As a Digital Forensics Examiner for Minnesota IT Services (MNIT), you will assume advanced technical role within MNIT Forensics to provide the State of Minnesota with digital forensics, electronic discovery, and incident response services based on established Enterprise policies, programs, laws, and regulations.

This position conducts digital forensics investigations for enterprise security based incidents and internal investigations. The position may assist other government entities with investigations as well as consult with them on security and digital forensics matters as well as perform electronic discovery and assist human resources and legal teams in this area. This position uses tools and investigative techniques to acquire, analyze, document and report on the digital forensic artifacts, system-level details, metadata, and other investigative material associated with security incidents, internal investigations, electronic discovery, and other investigative requests.

You will be part of an expanding forensics team that engages in a wide-variety of interesting and very important work. You will play a key role within the forensics lab and assist with improving services, automation, implementing new technologies, developing documentation, and building key relationships with our customers.

Responsibilities to include:

Perform comprehensive digital forensics examinations in support of agency investigations and litigations while following industry-established best practices and MNIT Forensics established protocols.
Manage digital forensics examinations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and testimony)
Determine the root cause of security incidents and make recommendations on security controls to prevent and/or mitigate against future incidents.
Perform digital forensics examinations to include collection in a live client-server environment utilizing validated remote forensic software.
Perform electronic discovery, assist human resource personnel and legal teams on electronic
Preserve evidence and maintain chain of custody documentation
Perform computer forensics security compliance auditing, planning and problem resolution and create security incident reports and advisories for MNIT business partners, management and other appropriate staff
Serves as a technical resource for security projects on any enterprise project; may review work of other information security staff
Research and stay abreast of potential security information security threats and works as a part of a team to proactively mitigate their impact
Maintain and improve digital forensics skill sets, maintain any required certifications, mentor and train other MNIT Forensics staff as needed
Maintain the MNIT Forensics lab, assist with documentation, software upgrades/updates, and forensic processes and procedures


Minimum Qualifications:
Candidates must clearly demonstrate all of the following qualifications in their resume:

This position requires a minimum of four (4) years of experience in an information security or digital forensics role that includes:

Working knowledge and experience with computer hardware and ability to disassemble/assemble a wide variety of hardware types to include desktops, laptops, tablets, smartphones, printers, etc.
Experience with multiple operating systems (ex: Windows, Linux, Mac, Android, etc.)
Experience with multiple file systems (ex: NTFS, EXT3/4, HFS/HFS+, Android, etc.)
Experience with network based forensics
Experience with live system forensics
Experience with static-box / dead-box forensics
Experience with security controls and technologies such as IDS/IPS, ACLs, Endpoint Security such as Anti-Virus and Malware detection tools, OS hardening, encryption, and SIEM systems.
Experience with networking / communication technologies such as routers, firewalls, switches, ports, and protocols (HTTP, TCP/IP, SSL, SSH, Telnet, SFTP/FTP, RDP, etc.)
*A Master’s degree in Information Technology or a related field substitutes for three years of experience, related Bachelor’s degree substitutes for two years, or related Associate’s substitutes for one year.

Successful candidate must pass past-employer reference checks and a criminal history verification

It is the policy of Minnesota IT Services that all employees submit to a background investigation prior to employment. The background check may consist of the following components:

SEMA4 Records Check (applies to current and past state employees only)
Criminal History Check
Employment Reference Check
Social Security and Address Verification
Education Verification
CJIS Fingerprinting Background Check

Minnesota IT Services will not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.

Preferred Qualifications:
Five (5) years of experience in an information security or digital forensics role
Certifications: CISSP, CCE, GSFI, CFCE, ENCE and ACE or other relevant information security or forensics certification
Experience with mobile forensics
Experience with malware investigations and reverse engineering malware
Experience with scripting and automation tools and techniques
Ability to compose clear, concise, and complete technical documentation and digital forensics investigative reports
Ability to lead and act as part of a team, react quickly and effectively to daily threats from external and internal sources on a 24/7 basis
High attention to detail
High ethical standard
Excellent communication skills

Application Details

Why work for us
Minnesota IT Services offers a comprehensive benefits package including low cost medical and dental insurance, employer paid life insurance, short and long term disability, pre-tax flexible spending accounts, defined benefit pension plan, tax-deferred compensation plan (457), generous vacation and sick leave, and 11 paid holidays each year. In addition, at the management’s discretion, Minnesota IT Services offers flexible work scheduling, telework options, mentorship opportunities, employee recognition and reward programs, and paid training and development. Join Minnesota IT Services now and stay for a career!

How to Apply
This vacancy is open for all qualified applicants. Contractual obligations will be considered prior to filling the position via other means.

Click “Apply” at the bottom of this page. If you have questions about applying for jobs, contact the job information line at 651-259-3637.

For additional information about the application process, go to

To be considered for any Veteran’s Status, you MUST indicate this on your application.

RECENTLY SEPARATED VETERANS (RSV): Effective July 1, 2009, legislation provides that the top five RSV applicants who apply and meet the qualifications for a vacancy shall be granted an interview. To qualify, you must meet the following: 1) have separated under honorable conditions from any branch of the armed forces of the United States; 2) have served on active duty for 181 consecutive days or more or for the full period ordered to active duty or have separated by reason of disability incurred while serving on active duty; 3) be a United States citizen or resident alien; and 4) have served in active military service at any time on or after September 11, 2001, as shown on your DD-214 form. To be considered under this legislation, you must: 1) meet all Minimum Qualifications identified in this posting; 2) meet all of the above RSV criteria; and 3) submit a copy of your DD-214 form by the closing date to: Failure to submit your DD-214 form will affect your consideration for an interview under this legislation.

CERTAIN DISABLED VETERANS: Effective August 1, 2012, legislation provides state agencies with the option to appoint certain disabled veterans on a noncompetitive basis if you: 1) meet service requirements and have a verified service-connected disability rating of at least 30%; 2) provide qualifying documentation verifying the disability; and 3) meet all Minimum Qualifications identified in this posting. To be considered under this legislation you must submit all documentation by the closing date to:

If you have questions about the position, contact Jenny Hickey at

Apply here: