Prin Analyst Cyber Security Ops - Digital Forensics

About The Position

Requirements

• 10+ years in Incident Response/DFIR, including leadership of complex, enterprisescale investigations.
• Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails.
• Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics.
• Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy.
• Mastery of Windows and Linux internals, authentication flows, common persistence/mechanisms, and lateral movement TTPs.
• Proficient in Python or PowerShell for automation and artifact analysis.
• Excellent written and verbal communication—able to brief executives clearly under time pressure.
• Minimum Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience).

Nice To Haves

• Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security.
• Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace).
• Familiarity with EPSS/SSVC, threat modeling, and purpleteam/ATT&CK evaluation practices.
• Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations.

Responsibilities

• Lead enterpriselevel forensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks.
• Act as technical commander during priority incidents, directing scoping, containment, eradication, and rootcause analysis in partnership with IR, IT, and Cloud teams.
• Conduct rootcause, impact, and attribution analysis for major cyber events; drive corrective and preventive actions.
• Lead postincident reviews and oversee closure of remediation tasks, translating findings into hardening and control improvements.
• Develop and maintain forensic methodologies, chainofcustody procedures, and evidencehandling standards.
• Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations.
• Correlate forensic artifacts with threatintelligence insights to identify adversaries, campaigns, and TTPs.
• Establish and maintain forensicreadiness strategies, including tooling optimization, logging enhancements, and dataretention standards.
• Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, and cloudlog normalization.

Benefits

• This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance