Digital Forensics and Incident Response Analyst

Responsibilities:

  • Oversee incident response tasks and train junior staff
  • Use current tooling to search for and investigate endpoint and network-based activity, including Endpoint Detection & Response (EDR) tools, SIEM-based log analysis, and full packet capture
  • Likely to serve as the main point of contact for an outside agency
  • Conduct thorough investigations, pinpoint root causes, and share information with all relevant parties, including technical personnel and leadership
  • Perform host-based forensics, network forensics, log analysis, triage, limited malware analysis, and incident response in support of these activities
  • Produce end-of-shift reports for documentation and information sharing with incoming analysts
  • Implement remediation plans in response to incidents in collaboration with important stakeholders
  • Author Standard Operating Procedures (SOPs) and training documentation when needed
  • Create security-related content, scripts, tools, or techniques to improve incident investigation procedures

Qualifications:

  • 8 years of general experience, with a minimum of 6 years as an incident responder/handler (less experience may be considered given additional education, certifications, or other relevant qualifications)
  • Deep packet and log analysis
  • Full understanding of Tier 1 responsibilities/duties and how they feed into Tier 2; the ability to take the lead on incident research when appropriate and to mentor junior analysts
  • Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience
  • Advanced knowledge of TCP/IP protocols
  • Forensic and Malware Analysis
  • Bachelor's degree or equivalent experience
  • Knowledge of Windows, Linux operating systems
  • Knowledge of and experience with scripting and programming (Python, Perl, etc.) highly preferred
  • Cyber threat intelligence gathering and analysis preferred

Apply for this role: