About the position
Responsibilities
• Independently conduct detailed forensic investigations into cyber incidents, data breaches, malware infections, unauthorized access, insider threats, fraud and abuse, and employee misconduct.
• Analyze digital evidence from sources such as cloud platforms, networks, servers, endpoints, and mobile devices.
• Interpret logs and telemetry from a variety of sources (e.g., firewalls, proxies, web servers, system logs, packet captures) and from SIEM platforms such as Splunk to identify anomalies or evidence of compromise.
• Prepare comprehensive investigative reports, including findings, conclusions, and recommendations for remediation and future prevention.
• Present findings to technical and non-technical team members, including legal and executive leadership.
• Ensure all forensic activities adhere to legal and regulatory requirements, including chain of custody and data protection laws.
• Provide training and mentorship to other forensic investigators and collaborate with cybersecurity teams.
• Support real-time incident response efforts and participate in on-call rotations.
• Manage the Digital Forensics Lab environment, including tools, evidence handling, and process integrity.
• Enhance forensic capabilities by building tools, scripts, and methodologies.
• Travel domestically and internationally occasionally for meetings, training sessions, and on-site investigations.
Requirements
• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent professional experience (typically 8+ years in digital forensics or incident response).
• 5-7+ years in digital forensics, incident response, or a related cybersecurity discipline.
• In-depth understanding of network intrusion methods and cyber attack TTPs.
• Hands-on experience conducting forensics and incident response in cloud environments (e.g., AWS, Google Cloud, Microsoft Azure) and across multiple operating systems, including Windows, Linux, and macOS.
• Experience using Endpoint Detection and Response (EDR/XDR) tools for threat hunting, log analysis, and investigative support.
• Proficiency with the MITRE ATT&CK framework and experience applying it to digital forensics investigations.
• Experience with digital forensics tools (e.g., Magnet AXIOM, Autopsy, Volatility, EnCase, FTK, Cellebrite) and with decryption and data recovery tools.
• Familiarity with SIEM and SOAR platforms (e.g., Splunk, Chronicle, Sentinel) for log correlation and automated response.
• One or more certifications such as GCFA, GCFE, EnCE, or equivalent.
• Expertise in cyber threats, attack vectors, and advanced mitigation strategies, and experience guiding strategic response efforts.
• Proficiency with forensic tools (e.g., EnCase, Magnet AXIOM, X-Ways, SANS SIFT), including both commercial and open-source solutions.
• Expertise in forensic techniques such as memory forensics, network forensics, malware analysis, and timeline reconstruction.
• Scripting and programming capabilities in languages such as PowerShell, Bash, Python, Ruby, or Java to automate forensic tasks and develop custom analysis tools.
• Knowledge of legal, regulatory, and evidentiary standards related to digital forensics and incident response.
Benefits
• Great compensation package and bonus plan.
• Core benefits including medical, dental, vision, and 401(k) matching.
• Flexible work environment, ability to work remote, hybrid or in-office.
• Flexible time off, including volunteer time off, vacation, sick leave, and 12 paid holidays.