Job Description
About the position Responsibilities • Independently conduct detailed forensic investigations into cyber incidents, data breaches, malware infections, unauthorized access, insider threats, fraud and abuse, and employee misconduct. • Analyze digital evidence from sources such as cloud platforms, networks, servers, endpoints, and mobile devices. • Interpret device and application logs from a variety of sources (e.g., firewalls, proxies, web servers, system logs, Splunk, packet captures) to identify anomalies or evidence of compromise. • Prepare comprehensive investigative reports, including findings, conclusions, and recommendations for remediation and future prevention. • Present findings to technical and non-technical team members, including legal and executive leadership. • Ensure all forensic activities adhere with legal and regulatory requirements, including chain of custody and data protection laws. • Provide training and mentorship to other forensic investigators and collaborate with cybersecurity teams. • Support real-time incident response efforts and participate in on-call rotations. • Manage the Digital Forensics Lab environment, including tools, evidence handling, and process integrity. • Enhance forensic capabilities by building tools, scripts, and methodologies. • Travel domestically and internationally occasionally for meetings, training sessions, and on-site investigations. Requirements • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Equivalent professional experience (typically 8+ years in digital forensics or incident response). • 5-7+ years in digital forensics, incident response, or a related cybersecurity discipline. • In-depth understanding of network intrusion methods and cyber attack TTPs. • Hands-on experience conducting forensics and incident response in cloud environments (e.g., AWS, Google Cloud, Microsoft Azure) and across multiple operating systems, including Windows, Linux, and macOS. • Experience using Endpoint Detection and Response (EDR/XDR) tools for threat hunting, log analysis, and investigative support. • Proficiency in the MITRE ATT & CK Framework with experience applying these to digital forensics investigations. • Experience with digital forensics tools (e.g., Axiom, Autopsy, Volatility, EnCase, FTK, Cellebrite), and decryption and data recovery tools. • Familiarity with SIEM and SOAR platforms (e.g., Splunk, Chronicle, Sentinel) for log correlation and automated response. • One or more certifications such as GCFA, GCFE, EnCE, or equivalent. • Expertise in cyber threats, attack vectors, and advanced mitigation strategies and guiding strategic response efforts. • Proficiency with forensic tools (e.g., EnCase, Magnet AXIOM, X-Ways, SANS SIFT), including both commercial and open-source solutions. • Expertise in forensic techniques such as memory forensics, network forensics, malware analysis, and timeline reconstruction. • Scripting and programming capabilities in languages such as PowerShell, Bash, Python, Ruby, or Java to automate forensic tasks and develop custom analysis tools. • Knowledge of legal, regulatory, and evidentiary standards related to digital forensics and incident response. Benefits • Great compensation package and bonus plan. • Core benefits including medical, dental, vision, and matching 401K. • Flexible work environment, ability to work remote, hybrid or in-office. • Flexible time off including volunteer time off, vacation, sick and 12-paid holidays. Apply tot his job Apply tot his job Apply tot his job
Apply tot his job
Apply To this Job