Digital Forensic & Incident Response Lead Engineer (hybrid)

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

Digital Forensic & Incident Response Lead Engineer

You will be in a foundational role in the Cencora Global Security Operations Center, contributing thought leadership and expertise to grow our digital forensics and incident response program. You will work closely with team members to perform threat detection and incident response, providing expert guidance to junior analysts and other teams.

The ideal candidate will have extensive experience in digital and network forensics, incident response, and cybersecurity operations in large, international organizations. Must be comfortable leading investigations, forensic examination, evidence acquisition from cloud, on-premise, and remote systems, while maintaining chain of custody and adhering to rules of evidence.

This position offers hybrid work options in Carrollton, TX.

1. Manage case load and assist with forensic analysis and reporting.
2. Manage evidence intake, outtake, and storage.
3. Use advanced network traffic analysis to identify compromised systems and resource anomalies.
4. Lead cyber incident response engagements.
5. Support the Regional Manager as a backup.
6. Assist colleagues with event and incident analysis.
7. Collaborate with other security teams to elevate security posture.
8. Oversee staff development to ensure procedures follow policies and best practices.
9. Conduct root cause analysis and identify attack indicators.
10. Deliver reports as needed.
11. Participate in on-call rotation, including weekends.
12. Participate in incident response exercises and drills.
13. Conduct training sessions on new technologies.
14. Develop and implement runbooks and SOPs.

• BA/BS degree preferred but flexible with experience.
• Six or more years of security experience in Cybersecurity, Digital Forensics, and Incident Response.
• Experience with Axiom, FTK, SIFT, Volatility, and Timeline analysis.
• Leadership experience (highly desired).
• Strong knowledge of Windows, Active Directory, MS-SQL, Azure, Linux/Unix, Mac, AWS.
• Understanding of networking, packet captures, and NetFlow.
• Experience with SIEM, EDR, email security, SOAR, Firewall, anti-virus, web gateway, DNS tools.
• Handling sophisticated cyber incidents.
• Knowledge of security frameworks (MITRE ATT&CK, D3FEND, NIST, Kill Chain).
• Scripting experience (Python, PowerShell, Bash).
• Excellent communication skills.
• DFIR certifications (GCFE, GCFA, GNFA, CFCE, etc.).
• Preferred: MCCE, MCFE, GCFR certifications.

We provide comprehensive benefits supporting wellness, personal growth, and inclusive culture. Details available at https://www.virtualfairhub.com/cencora.

Cencora is committed to equal opportunity employment and reasonable accommodations for individuals with disabilities. For accommodations, contact 888.692.2272 or hrsc@cencora.com.