Perform live-state memory captures, extract Master File Tables (MFT), and collect forensic system artifacts across Windows, Linux, and macOS endpoints using enterprise tools.
Reconstruct complex, multi-stage attack timelines by correlating telemetry across cloud infrastructure (AWS/Azure/GCP), local identity systems, network firewalls, and application layers.
Conduct behavioral malware analysis to quickly isolate Indicators of Compromise (IoCs), identify command-and-control (C2) servers, and decipher attacker capabilities.
Convert findings from active breaches into automated incident response playbooks within the corporate SOAR platform.
Maintain pristine evidentiary standards and strict chain-of-custody documentation to support potential regulatory disclosures, insurance claims, or legal actions.
Author detailed Root Cause Analysis (RCA) records and Post-Incident Reports (PIR) for executive leadership and compliance auditors.
Formulate and execute highly targeted eradication plans, removing web shells, malicious persistence mechanisms, rogue administrative accounts, and malware payloads.
Partner directly with IT Infrastructure and Disaster Recovery teams to guide the safe, verified restoration of business systems following a breach.
Job Requirements:
Education: A bachelor's degree in computer science, cybersecurity, information technology, digital forensics, or a related field. Relevant certifications such as GCIH, GCFA, GCFE, GCDA, or CSIH are desirable.
Experience: 2-4 years of experience in Digital Forensics and Incident Response (DFIR), mobile forensics, incident response, or a related field.
Technical skills: Proficiency in various mobile forensic tools and technologies (e.g. KAPE, Velociraptor, Volatility, CrowdStrike, Splunk, Sentinel, etc.), mobile operating systems (iOS, Android), and basic programming/scripting languages (Python, Bash, etc.).
Attack Methodology Frameworks: Strong familiarity with mapping observed attacker activity directly to the MITRE ATT&CK enterprise framework and the NIST Computer Security Incident Handling Guide (SP 800-61).
Analytical skills: Strong analytical and critical thinking skills, with the ability to analyze digital evidence from enterprise endpoints and cloud environments.
Legal knowledge: Familiarity with legal and regulatory requirements related to digital evidence handling, chain of custody, and data privacy.
Communication skills: Good verbal and written communication skills to effectively convey technical findings to technical and non-technical stakeholders.
Teamwork: Ability to work collaboratively within a team and contribute to the overall success of the digital forensics team.