Cybersecurity Incident Response & Digital Forensics Analyst

About the job Cybersecurity Incident Response & Digital Forensics Analyst

Cybersecurity Incident Response & Digital Forensics Analyst

We are seeking a Cybersecurity Incident Response & Digital Forensics Analyst to lead security incident management, conduct digital forensic investigations, and manage the complete incident lifecycle including containment, eradication, and recovery while providing expert forensic analysis to determine attack vectors and attribution.

Incident Response Management

• Lead security incident response activities following established IR procedures and frameworks (NIST 800-61)
• Perform rapid containment and isolation of compromised systems to prevent lateral movement
• Coordinate incident response team activities and communicate with stakeholders during active incidents
• Execute eradication procedures to remove threats and implement recovery strategies for affected systems
• Conduct post-incident reviews and lessons learned sessions to improve response capabilities

Digital Forensics Investigation

• Perform digital forensic analysis on compromised systems, networks, and digital evidence
• Conduct disk imaging, memory analysis, and network traffic examination using forensic tools
• Analyze malware samples, attack techniques, and tactics, techniques, and procedures (TTPs)
• Reconstruct attack timelines and determine initial compromise vectors and attack progression
• Preserve evidence integrity and maintain proper chain of custody for legal proceedings

Threat Analysis & Attribution

• Analyze threat intelligence and correlate indicators of compromise (IOCs) with ongoing investigations
• Conduct threat hunting activities to identify advanced persistent threats and insider threats
• Perform behavioral analysis and pattern recognition to identify sophisticated attack campaigns
• Document attack methodologies, tools used, and provide attribution assessments
• Collaborate with law enforcement and external threat intelligence sources when appropriate

Documentation & Reporting

• Create comprehensive incident reports including technical analysis and business impact assessments
• Document forensic findings and maintain detailed investigation case files
• Prepare executive briefings and technical reports for management and legal teams
• Develop and maintain incident response playbooks and forensic investigation procedures
• Support legal proceedings by providing expert testimony and forensic evidence analysis

Technical Skills

• 6+ years experience in cybersecurity incident response and digital forensics
• Expert proficiency with forensic tools (EnCase, FTK, Volatility, Autopsy, SIFT, REMnux)
• Strong knowledge of Windows, Linux, and macOS forensics and system internals
• Experience with network forensics, packet analysis, and log correlation techniques
• Understanding of malware analysis, reverse engineering, and threat hunting methodologies
• Proficiency in scripting languages (Python, PowerShell) for automation and analysis

Investigation Skills

• Proven experience managing complex security incidents from detection through recovery
• Strong analytical skills for reconstructing attack scenarios and identifying root causes
• Knowledge of legal and regulatory requirements for digital evidence handling
• Experience with threat intelligence platforms and indicators of compromise analysis
• Understanding of compliance frameworks and breach notification requirements

• Bachelor's degree in Cybersecurity, Computer Science, or related field
• Security certifications (GCIH, GCFA, GNFA, CISSP, CISM, CCE)
• Experience with cloud forensics (AWS, Azure, GCP) and containerized environment investigations
• Background in law enforcement or military cybersecurity operations
• Knowledge of threat actor groups, attack frameworks (MITRE ATT&CK), and cyber threat landscape