Digital Forensic & Incident Response Lead Engineer (hybrid)

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

As a highly skilled Digital Forensic & Incident Response Lead Engineer, you will play a foundational role in the Cencora Global Security Operations Center. You will contribute thought leadership and expertise to the growth of our digital forensics incident response program. You will work closely with team members to perform threat detection and incident response, providing expert guidance to junior analysts and other teams within the organization.

The ideal candidate will have extensive experience in digital and network forensics, incident response, and cybersecurity operations in large, international organizations. Must be comfortable leading investigations and forensic examinations, including evidence acquisition from cloud, on-premise, and remote systems, ensuring chain of custody and adherence to evidence rules.

This position offers hybrid work options in Carrollton, TX.

1. Manage case load and assist with forensic analysis and reporting.
2. Manage evidence intake, outtake, and storage.
3. Use network traffic analysis to identify compromised systems and resource anomalies.
4. Lead cyber incident response engagements as a senior incident response leader.
5. Serve as backup to the Regional Security Operations Manager.
6. Support colleagues with complex event and incident analysis.
7. Collaborate with various security teams to elevate security posture.
8. Oversee staff development to ensure proper forensic procedures.
9. Conduct investigations and root cause analysis.
10. Deliver verbal and written reports.
11. Participate in on-call rotations and incident response drills.
12. Conduct training sessions for the Security Operations team.
13. Develop and implement runbooks and SOPs.

• BA/BS degree or relevant experience.
• Six or more years in cybersecurity, digital forensics, and incident response.
• Experience with Axiom, FTK, SIFT, Volatility, and Timeline analysis.
• Two years in a lead role (preferred).
• Knowledge of Windows, Active Directory, MS-SQL, Azure, Linux/Unix, Mac, AWS.
• Understanding of networking and packet analysis.
• Experience with SIEM, EDR, email security, SOAR, firewalls, antivirus, web gateways, DNS.
• Experience handling high-priority cyber incidents.
• Familiarity with industry frameworks (MITRE ATT&CK, NIST, etc.).
• Scripting skills (Python, PowerShell, Bash).
• Excellent communication skills.
• DFIR certifications (e.g., GCFE, GCFA, GNFA, CFCE).
• Preferred certifications include MCCE, MCFE, GCFR.

#LI-MD1

We provide competitive compensation, comprehensive benefits, and resources that foster an inclusive culture. Benefits include health coverage, wellness programs, support for working families, training, professional development, mentorship, and more. For details, visit https://www.virtualfairhub.com/cencora.

Cencora is committed to equal opportunity employment, prohibiting discrimination and harassment, and providing reasonable accommodations for individuals with disabilities. To request accommodations, contact 888.692.2272 or email hrsc@cencora.com. Messages unrelated to accommodations will not be addressed.

Affiliated Companies: AmerisourceBergen Services Corporation