Cyber Forensic Specialist

We are seeking a skilled and detail-oriented Cyber Forensic Specialist to join our Digital Forensics and Incident Response (DFIR) team. This role is critical in supporting the organization's Cyber Incident Response Team (CIRT) by providing expert-level digital forensic and investigative support. Additionally, the position involves working closely with cross-functional teams, including Human Resources, Legal, and Insider Threat, to conduct sensitive internal investigations related to policy adherence and organizational concerns.

The Cyber Forensic Specialist will also collaborate with the internal Legal team to execute litigation holds and eDiscovery-related evidence captures, ensuring full compliance with organizational and regulatory requirements. The role further involves serving as the central point for evidence intake, processing, and management for cases, litigation holds, and investigations. 

The Work

1. DFIR Support:
• Collaborate with the Cyber Incident Response Team (CIRT) to investigate and respond to cybersecurity incidents, including malware infections, unauthorized access, data breaches, and advanced persistent threats (APTs).
• Perform digital forensic analysis on devices such as laptops, desktops, servers, mobile devices, and network logs to identify the root cause and scope of incidents.
• Provide recommendations on containment, remediation, and recovery activities.
2. Investigative Support:
• Conduct internal investigations in collaboration with HR, Legal, and Insider Threat teams related to:
• Potential risks to organizational assets and operations.
• Inquiries requiring the collection and analysis of electronic evidence.
• Other internal matters involving digital investigations.
• Analyze electronic communications, file systems, and digital artifacts to uncover evidence.
• Prepare detailed, well-documented reports and findings to support decision-making and potential actions.
3. Litigation Holds and eDiscovery:
• Partner with the Legal team to ensure the timely and accurate implementation of litigation holds, including identifying, preserving, and collecting electronically stored information (ESI).
• Perform eDiscovery-related data captures, including on-premises and cloud-based systems, in alignment with legal and regulatory requirements.
• Maintain thorough documentation of all eDiscovery activities for legal proceedings and audits.
4. Evidence Intake and Management:
• Serve as the central point for evidence intake, ensuring proper chain of custody and documentation for all collected digital evidence.
• Maintain and enforce evidence management protocols, including secure storage, tagging, and tracking for litigation holds and legal proceedings.
• Ensure compliance with data retention and destruction policies.
5. Process Optimization and Tooling:
• Leverage forensic tools (e.g., EnCase, FTK, X-Ways, Magnet Axiom) to analyze and process evidence efficiently.
• Continuously improve and document forensic methodologies, workflows, and playbooks.
• Stay up to date with emerging forensic techniques, tools, and industry best practices.
6. Collaboration and Training:
• Provide guidance and training to the CIRT and other internal teams on forensic processes and evidence handling.
• Collaborate with outside counsel or external third-party forensic services, when required.

What you need

• US Citizenship required.
• 3-5 years of experience in information security, or other equivalent combination of education or equivalent work experience.
• 3 + years of experience with performing digital forensics on physical and cloud systems.
• 2+ years of experience performing event and log analysis including one or more of the following: Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data loss prevention tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
• 1+ years of experience investigating, containing, eradicating, and preventing current and future compromises i.e., implementing or requesting an IP/domain/URL block, file hash block, email purge, software removal, device reimage, etc.
• 1+ years of experience with collecting, processing, reviewing, and producing Electronically Stored Information (ESI) to legal teams.
• Work independently to deliver prompt solutions without direct supervision.
• Excellent written and oral communication skills, attention to detail, and interpersonal skills.
• Experience presenting complex technical information to decision makers and leading them through the decision-making process.
• Experience with digital forensic imaging (FTK, Cellebrite, Paladin, etc.) and analysis tools (EnCase, Autopsy, Nuix, etc.)
• Experience with evidence preservation and chain of custody.
• Experience with TCP/IP, common application layer protocols, and packet analysis of the same.
• Experience performing static and dynamic malware analysis.
• Experience with indicators of attack and compromise.
• Experience with basic data parsing and analysis tools, i.e., Excel, grep, sed, awk, regex, etc.
• Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software packages.
• Familiarity with detection design & engineering concepts to tune detections.
• Familiarity with Windows / Linux architecture and endpoint analysis of the same.
• Familiarity with the Electronic Discovery Reference Model (EDRM) for ESI discovery, preservation, and production.

Bonus if you have

• DFIR related certifications including but not limited to: SANS (GCED, GCLD, GCIH, GCFE,GCFA,GREM),CFCE,EnCE.
• Knowledge of scripting languages (e.g., Python, PowerShell) to automate forensic tasks.
• Experience with eDiscovery toolsets such as: Microsoft Purview eDiscovery (Standard/Premium) and Nuix.