About the Role
This position involves leading forensic investigations and incident response efforts for clients, analyzing security breaches, and delivering actionable findings while working primarily from midweek through Sunday.
Compensation
Competitive salary based on experience
Work Arrangement
Hybrid with required on-site presence Wed-Sun
Team
Collaborative team environment focused on incident response and digital forensics
Responsibilities
- Lead digital forensic examinations across various client environments
- Respond to security incidents with rapid deployment and analysis
- Produce detailed technical reports for internal and client use
- Conduct memory and disk analysis to identify compromise indicators
- Support legal and regulatory investigations involving digital evidence
- Provide expert guidance during active cyber attacks
- Perform malware analysis to determine attack vectors
- Assist in the development of incident response playbooks
- Deliver on-site and remote response services as needed
- Coordinate with legal, compliance, and IT teams during investigations
- Maintain chain of custody for digital evidence
- Testify or support expert opinions in legal proceedings when required
- Stay current with evolving attack techniques and forensic tools
- Train junior staff on forensic methodologies
- Work closely with clients to understand their infrastructure
- Document investigation timelines and technical findings
- Use forensic tools such as FTK, EnCase, and open-source alternatives
- Analyze logs and network data to trace attacker movements
- Conduct timeline analysis to reconstruct events
- Support cloud-based incident investigations
- Evaluate endpoint detection and response data
- Assist in phishing and email compromise cases
- Perform data carving and file recovery tasks
- Apply knowledge of Windows, Linux, and macOS systems
- Work within defined legal and procedural frameworks
Requirements
- Bachelor's degree in computer science, information security, or related field
- Minimum of five years in digital forensics or incident response
- Proven experience with forensic tool suites
- Strong understanding of network protocols and system architecture
- Hands-on experience with malware analysis
- Familiarity with cloud environments and their forensic challenges
- Certifications such as GCFA, GNFA, or CCE are strongly preferred
- Ability to work under pressure during active incidents
- Excellent written and verbal communication skills
- Experience writing forensic reports for technical and non-technical audiences
- Knowledge of common attack vectors and threat actors
- Proficiency in scripting languages for automation
- Understanding of legal standards for digital evidence
- Willingness to travel for on-site engagements
- Availability to work evenings and weekends as needed
- Strong problem-solving and analytical abilities
- Experience with SIEM and EDR platforms
- Ability to explain technical findings clearly to clients
- Track record of managing multiple investigations simultaneously
- Familiarity with regulatory frameworks like GDPR or HIPAA
- Understanding of encryption and its impact on investigations
- Experience with mobile device forensics
- Knowledge of anti-forensic techniques
- Commitment to professional ethics and confidentiality
- Adaptability to diverse client environments
Preferred Qualifications
- Master's degree in cybersecurity or related discipline
- Prior experience in law enforcement or government response teams
- Certifications including OSCP, CISSP, or CEH
- Public speaking or teaching experience in cybersecurity topics
- Contributions to open-source forensic tools
- Published articles or presentations on DFIR subjects
- Experience with industrial control systems forensics
- Knowledge of financial sector incident patterns
- Second language proficiency
- Experience mentoring technical teams
Available for qualified candidates
