Digital Forensic & Incident Response Lead Engineer (hybrid)

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

Digital Forensic & Incident Response Lead Engineer

You will be in a foundational role in the Cencora Global Security Operations Center, contributing expertise to grow our digital forensics and incident response program. You will perform threat detection, incident response, and guide junior analysts and other teams.

The ideal candidate will have extensive experience in digital and network forensics, incident response, and cybersecurity operations in large, international organizations. Must be capable of leading investigations and forensic examinations across cloud, on-premise, and remote systems, maintaining chain of custody and adhering to evidence rules.

This position offers hybrid work options in Carrollton, TX.

1. Manage case load and assist with forensic analysis and reporting as needed.
2. Manage evidence intake, outtake, and storage.
3. Identify compromised systems and resource anomalies using advanced network traffic analysis.
4. Lead cyber incident response engagements.
5. Support the Continuous Security Operations team with complex analysis.
6. Collaborate with other cybersecurity teams to elevate security posture.
7. Oversee staff development to ensure proper forensic procedures.
8. Conduct root cause analysis for attacks or compromises.
9. Deliver reports in verbal and written form.
10. Participate in on-call rotations and incident response drills.
11. Provide knowledge transfer and develop operational procedures.

• BA/BS degree highly desired but flexible with experience.
• Six or more years in cybersecurity, digital forensics, and incident response.
• Experience with Axiom, FTK, SIFT, Volatility, and Timeline analysis.
• Leadership experience (preferred).
• Strong knowledge of Windows, Active Directory, MS-SQL, Azure, Linux/Unix, Mac, AWS.
• Understanding of networking, packet captures, NetFlow.
• Experience with SIEM, EDR, firewalls, and security tools.
• Handling sophisticated cyber incidents.
• Knowledge of cybersecurity frameworks (MITRE ATT&CK, NIST, etc.).
• Scripting skills (Python, PowerShell, Bash).
• Excellent communication skills.
• DFIR certifications (GCFE, GCFA, GNFA, CFCE, etc.).

We provide competitive compensation, benefits, and resources supporting an inclusive culture and personal growth. Benefits include health coverage, wellness programs, family support, training, and development opportunities. More details at https://www.virtualfairhub.com/cencora.

Cencora is committed to equal opportunity employment and reasonable accommodations for individuals with disabilities. For accommodation requests, contact 888.692.2272 or hrsc@cencora.com.