A cybersecurity firm in Paris is looking for an experienced Cybersecurity Incident Response & Digital Forensics Analyst to lead incident management and conduct forensic investigations. The ideal candidate should have over 6 years of experience, expertise with various forensic tools, and a strong analytical background. You will manage the entire incident lifecycle, ensuring effective response and recovery strategies. This role is essential for maintaining security integrity and enhancing incident response capabilities.
Cybersecurity Incident Response & Digital Forensics Analyst
We are seeking a Cybersecurity Incident Response & Digital Forensics Analyst to lead security incident management, conduct digital forensic investigations, and manage the complete incident lifecycle including containment, eradication, and recovery while providing expert forensic analysis to determine attack vectors and attribution.
Lead security incident response activities following established IR procedures and frameworks (NIST 800-61)
Perform rapid containment and isolation of compromised systems to prevent lateral movement
Coordinate incident response team activities and communicate with stakeholders during active incidents
Execute eradication procedures to remove threats and implement recovery strategies for affected systems
Conduct post-incident reviews and lessons learned sessions to improve response capabilities
Perform digital forensic analysis on compromised systems, networks, and digital evidence
Conduct disk imaging, memory analysis, and network traffic examination using forensic tools
Analyze malware samples, attack techniques, and tactics, techniques, and procedures (TTPs)
Reconstruct attack timelines and determine initial compromise vectors and attack progression
Preserve evidence integrity and maintain proper chain of custody for legal proceedings
Threat Analysis & Attribution
Analyze threat intelligence and correlate indicators of compromise (IOCs) with ongoing investigations
Conduct threat hunting activities to identify advanced persistent threats and insider threats
Perform behavioral analysis and pattern recognition to identify sophisticated attack campaigns
Document attack methodologies and tools used, and provide attribution assessments
Collaborate with law enforcement and external threat intelligence sources when appropriate
Documentation & Reporting
Create comprehensive incident reports including technical analysis and business impact assessments
Document forensic findings and maintain detailed investigation case files
Prepare executive briefings and technical reports for management and legal teams
Develop and maintain incident response playbooks and forensic investigation procedures
Support legal proceedings by providing expert testimony and forensic evidence analysis
Technical Skills
6+ years of experience in cybersecurity incident response and digital forensics
Expert proficiency with forensic tools (EnCase, FTK, Volatility, Autopsy, SIFT, REMnux)
Strong knowledge of Windows, Linux, and macOS forensics and system internals
Experience with network forensics, packet analysis, and log correlation techniques
Understanding of malware analysis, reverse engineering, and threat hunting methodologies
Proficiency in scripting languages (Python, PowerShell) for automation and analysis
Proven experience managing complex security incidents from detection through recovery
Strong analytical skills for reconstructing attack scenarios and identifying root causes
Knowledge of legal and regulatory requirements for digital evidence handling
Experience with threat intelligence platforms and indicators of compromise analysis
Understanding of compliance frameworks and breach notification requirements
Preferred Qualifications
Bachelor's degree in Cybersecurity, Computer Science, or a related field
Security certifications (GCIH, GCFA, GNFA, CISSP, CISM, CCE)
Experience with cloud forensics (AWS, Azure, GCP) and containerized environment investigations
Background in law enforcement or military cybersecurity operations
Knowledge of threat actor groups, attack frameworks (MITRE ATT&CK), and the cyber threat landscape