Digital Forensics Specialist - Cloud Platforms

About The Position

Requirements

• B.A. or B.S. degree in related field or equivalent work experience.
• Knowledge of digital forensics case management and the phases of the Electronic Discovery Reference Model.
• 3+ years working experience in incident response or digital forensics investigations.
• Knowledge of forensic tools and methods used to collect and analyze electronically stored information and devices, especially in the context of a civil lawsuit or corporate investigation.
• Knowledge of evidence collection, handling and storage procedures.
• Strong analytical and problem-solving skills.
• Understanding of network protocols and acquisition of electronically stored information (ESI) from network sources.
• Strong oral and written communication skills, including ability to explain complex concepts in clear, unambiguous terms.
• Ability to perform complex forensic investigations, including mobile, network, and memory analysis.
• Ability to manage multiple responsibilities while meeting established deadlines.

Nice To Haves

• Industry recognized digital forensics or eDiscovery training and/or certifications (CCE, ACE, EnCE, GCFE, etc.).
• Additional certifications from ISC2, IACIS, SANS, or other non-vendor specific training.
• Knowledge of the Computer Fraud and Abuse Act and similar legal statutes related to cyber crime.
• Experience with industry accepted and Open Source Digital Forensics tools.
• Experience in non-traditional environments, including cloud, IoT, and ICS.
• Demonstrated experience supporting digital forensic investigations in cloud-based environments, including Infrastructure-, Platform-, and Software-as-a-Service (IaaS, PaaS, SaaS) operating models.
• Working knowledge of forensic data acquisition, preservation, and analysis within public cloud platforms (e.g., AWS, Microsoft Azure), consistent with shared responsibility models.
• Experience analyzing cloud-native audit, security, and access logs, including identity activity, administrative actions, storage access, and API interactions.
• Familiarity with forensic and investigative considerations for cloud-based collaboration and productivity platforms, including email, file storage, messaging, and user activity artifacts.
• Experience partnering with incident response, security operations, legal, and compliance teams to support investigations involving cloud-hosted data and services.

Responsibilities

• Facilitate collaboration with internal and external stakeholders to include, but not limited to, Legal, Teammate Relations (Human Resources), Corporate Security, Incident Response, Security Operations, Compliance, Governance, and Senior Leadership.
• Support stakeholder investigations through the forensic acquisition and analysis of electronically stored information (ESI) and devices, including proper documentation and handling of data according to applicable standards, procedures, and industry best practices.
• Maintain expert knowledge of evidence collection, handling and storage procedures, including chain of custody best practices.
• Utilize approved forensic tools and methods to collect and analyze ESI and devices, especially in the context of corporate investigations, civil litigation, or criminal proceedings, to include witness testimony.
• Conduct digital forensic investigations into diverse, often complex allegations of misconduct and wrongdoing, including violations of company policy; government regulations; and local, state, and U.S. laws.
• Produce forensic reports in support of stakeholder investigations suitable for presentation in civil or criminal proceedings.
• Remain current on industry trends, tools, and procedures in cybersecurity and digital forensics.
• Perform formal and informal stakeholder training.

Benefits

• All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position.
• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.