Prin Analyst Cyber Security Ops - Digital Forensics
About The Position
Fresenius Medical Care’s Cyber Security Operations Center (CSOC) is seeking a highly experienced Principal Analyst The Principal Cyber Security Analyst specializing in Digital Forensics serves as the senior technical authority for forensic investigations across the enterprise. This role leads complex incident response cases, conducts advanced forensic analysis of endpoints, servers, cloud environments, and networks, and provides strategic insight to reduce organizational risk. The Principal Analyst acts as the highest level escalation point for investigative matters and mentors other analysts in evidence handling, methodology , and tooling. This is a U.S.-based remote position supporting Fresenius Medical Care’s global Cyber Security Operations Center.
Requirements
- 10+ years in Incident Response/DFIR, including leadership of complex, enterprise scale investigations.
- Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails.
- Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics.
- E xperience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy.
- Mastery of Windows and Linux internals, authentication flows, common persistence/mechanisms, and lateral movement TTPs.
- Proficient in Python or PowerShell for automation and artifact analysis.
- Excellent written and verbal communication—able to brief executives clearly under time pressure.
- Minimum Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience).
Nice To Haves
- Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security.
- Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace).
- Familiarity with EPSS/SSVC, threat modeling, and purple team /ATT&CK evaluation practices.
- Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations.
Responsibilities
- Lead enterprise level forensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks.
- Act as technical commander during priority incidents, directing scoping, containment, eradication, and root cause analysis in partnership with IR, IT, and Cloud teams.
- Conduct root cause , impact, and attribution analysis for major cyber events; drive corrective and preventive actions.
- Lead post incident reviews and oversee closure of remediation tasks, translating findings into hardening and control improvements.
- Develop and maintain forensic methodologies, chain of custody procedures, and evidence handling standards.
- Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations.
- Correlate forensic artifacts with threat intelligence insights to identify adversaries, campaigns, and TTPs.
- Establish and maintain forensic readiness strategies, including tooling optimization, logging enhancements, and data retention standards.
- Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, and cloud log normalization.
Benefits
- This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
