Intermediate Digital Investigations Engineer

The MITRE Corporation
McLean, VA
$103,600 - $155,400
Onsite

About The Position

MITRE’s Digital Investigations Department (L515) delivers innovative technical solutions and capabilities primarily focused on support to law enforcement and investigative cyber operations conducted by sponsors, most notably within DOJ, DHS, and DoW. The department’s core technology areas are: Digital Investigations and Cases, Digital/Media/Mobile Device Access and Forensics, Digital Artifact Discovery, Digital Evidence Processing, Cryptocurrency Analysis and Seizure, Cyber Attribution, Darkweb Research, Financial Cybercrime Analysis, Social Media Exploitation.

MITRE is a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership.

Requirements

  • Typically requires a Bachelor’s degree and a minimum of 2 years of related experience; or an advanced degree with relevant experience who can immediately contribute at this job step; or equivalent combination of related education
  • Experience supporting investigations involving endpoints, operating systems, user activity, malware, or network-based threats.
  • Familiarity with common forensic and investigative tools, SIEM platforms, endpoint detection and response tools, and log analysis solutions.
  • Knowledge of incident response processes, digital evidence handling, and forensic best practices.
  • Understanding of Windows, Linux, and/or macOS operating systems and associated artifacts relevant to investigations.
  • Strong analytical, problem-solving, and documentation skills.
  • Ability to communicate investigative findings clearly to technical and non-technical stakeholders.

Nice To Haves

  • Experience in a Security Operations Center, Computer Security Incident Response Team, or digital forensics function.
  • Familiarity with cloud investigation techniques in environments such as Azure, AWS, or Google Cloud.
  • Experience with eDiscovery, insider threat investigations, or fraud-related digital analysis.
  • Exposure to malware analysis, threat hunting, or network forensics.
  • Relevant certifications such as Security+, CySA+, GCFA, GCIH, GCFE, EnCE, CHFI, or similar.
  • Knowledge of regulatory, compliance, and privacy considerations related to investigations.

Responsibilities

  • Conduct digital investigations related to cybersecurity incidents, insider threat concerns, policy violations, and suspicious activity.
  • Collect, preserve, analyze, and document digital evidence from endpoints, servers, mobile devices, cloud environments, logs, and network sources.
  • Support cybersecurity operations by triaging alerts, correlating threat activity, and assisting with incident response and containment efforts.
  • Perform forensic analysis using industry-standard tools and methodologies to determine attack vectors, timeline of events, impacted systems, and scope of compromise.
  • Maintain chain of custody and proper evidence handling procedures in support of internal investigations and potential legal or regulatory matters.
  • Analyze system, application, security, and network logs to identify indicators of compromise and anomalous behavior.
  • Collaborate with Security Operations Center, Threat Intelligence, IT, HR, Legal, and Compliance teams during investigations.
  • Prepare clear, concise, and defensible investigative reports, briefings, and technical documentation for both technical and non-technical audiences.
  • Assist in developing and improving digital investigation procedures, playbooks, and evidence collection standards.
  • Recommend remediation and mitigation actions based on investigative findings.
  • Stay current on emerging cyber threats, attacker tactics, forensic techniques, and relevant technologies.

Benefits

  • Competitive benefits
  • Exceptional professional development opportunities for career growth