Digital Forensics Analyst

Location:

United States

Function:

Service Delivery

Job Type:

Contract

Job Level:

Consultant

Job ID:

201242

About the Role

The Digital Forensics Analyst is responsible for conducting in-depth investigations into cyber incidents, analyzing digital evidence, and supporting legal, compliance, and security teams with accurate and defensible forensic data. This role plays a critical part in identifying, containing, and preventing cybersecurity threats, ensuring the integrity and availability of digital evidence during investigations, and supporting the organization’s incident response and litigation readiness programs.

What you will do.

Key Responsibilities


  • Conduct forensic analysis of digital evidence including servers, endpoints, network traffic, mobile devices, and cloud environments.

  • Collect, preserve, and document evidence in accordance with industry best practices and legal standards to maintain chain of custody.

  • Support incident response efforts by performing root cause analyses, identifying Indicators of Compromise (IOCs), and mapping threat actor tactics, techniques, and procedures (TTPs).

  • Analyze log files, malware samples, and network artifacts to reconstruct cyber incidents.

  • Prepare clear, detailed, and defensible forensic reports and findings for technical and non-technical stakeholders, including executive leadership and legal teams.

  • Provide expert witness testimony or support during legal proceedings or internal investigations, when required.

  • Collaborate with threat intelligence, SOC, and vulnerability management teams to strengthen organizational security posture.

  • Stay current with emerging forensic tools, techniques, and trends in cybercrime, digital investigations, and threat actor behavior.

  • Assist in the development and continuous improvement of digital forensic processes, procedures, and documentation.

  • Participate in security awareness training and assist in developing playbooks for future incident handling and forensic investigations.

What we are looking for.

Required Qualifications


  • Bachelor’s degree in Computer Science, Information Security, Digital Forensics, or related field; or equivalent practical experience.

  • 2–5 years of experience in digital forensics, incident response, or cybersecurity investigations.

  • Strong understanding of operating systems (Windows, Linux, macOS), file systems, and network protocols.

  • Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, Cellebrite, Magnet AXIOM, Volatility, or similar platforms.

  • Familiarity with SIEM platforms, intrusion detection systems, and endpoint detection and response (EDR) solutions.

  • Knowledge of evidence handling procedures, chain of custody requirements, and legal/compliance frameworks.

  • Strong analytical and problem-solving skills with attention to detail.

  • Excellent written and verbal communication skills for preparing technical reports and delivering findings to diverse audiences.


Preferred Qualifications


  • Industry certifications such as GCFA, GCFE, CHFI, EnCE, CFCE, or CCE.

  • Experience supporting litigation, law enforcement investigations, or regulatory compliance cases.

  • Familiarity with scripting languages (Python, PowerShell, or Bash) for automation of forensic tasks.

  • Experience with cloud platforms (AWS, Azure, Google Cloud) and SaaS forensic investigations.

  • Knowledge of MITRE ATT&CK framework and common cyber threat actor TTPs.

About the Company

American Cyber is on a mission to build resilient and compliant cybersecurity programs.
