Senior Cybersecurity Forensic Administrator

Enghouse is looking for a Senior Cybersecurity Forensic Administrator. Reporting to the VP, IT, this senior-level role is responsible for leading digital forensics and cyber incident investigation activities across the organization. The Senior Cybersecurity Forensics Admin preserves, collects, analyzes, and documents digital evidence related to security incidents, policy violations, insider threats, and potential compromises. The role partners closely with security operations, infrastructure, legal, compliance, and leadership teams to support incident response, strengthen controls, and improve organizational resilience.

This is a hybrid opportunity, that requires an in-office presence 1 to 2 days a week. 

Key Responsibilities

• Lead forensic investigations involving endpoints, servers, cloud environments, email systems, and network artifacts.
• Collect, preserve, and analyze digital evidence using forensically sound methods while maintaining chain of custody and evidence integrity.
• Support cyber incident response activities including triage, containment support, root cause analysis, scope determination, and post-incident reporting.
• Perform host, file system, log, memory, and malware-related analysis to identify indicators of compromise, attacker activity, and persistence mechanisms.
• Administer and optimize forensic and security investigation tools, including endpoint detection, log analysis, SIEM, and evidence collection platforms.
• Develop and maintain forensic procedures, investigation playbooks, and documentation standards aligned with legal, regulatory, and internal policy requirements.
• Partner with security operations, IT, privacy, compliance, HR, and legal teams on investigations involving data misuse, unauthorized access, and insider risk.
• Prepare clear technical and executive-level reports summarizing findings, business impact, timelines, and recommended corrective actions.
• Identify gaps in logging, monitoring, evidence retention, and investigative readiness, and recommend improvements.
• Mentor junior analysts and administrators in forensic methodology, investigative rigor, and evidence handling best practices.
• Support audits, litigation holds, eDiscovery coordination, and regulatory requests where digital evidence or incident documentation is required.
• Stay current on emerging threats, attacker techniques, forensic tools, and industry frameworks relevant to digital investigations and incident response.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Digital Forensics, or a related field, or equivalent practical experience.
• 5+ years of experience in cybersecurity, incident response, digital forensics, or security administration, including experience in a senior or lead capacity.
• Hands-on experience with forensic acquisition and analysis across Windows, Linux, and cloud-based environments.
• Strong knowledge of incident response processes, evidence preservation, log analysis, endpoint investigations, and threat investigation workflows.
• Experience administering or using enterprise security tools such as SIEM, EDR/XDR, email security, case management, and vulnerability management platforms.
• Strong understanding of operating systems, file systems, network protocols, authentication mechanisms, and attacker tactics, techniques, and procedures.
• Ability to produce accurate documentation, defensible findings, and concise reports for technical and non-technical audiences.

Preferred Qualifications

• Relevant certifications such as GCFA, GCFE, GCIH, CISSP, CISM, CHFI, or equivalent.
• Experience supporting legal, regulatory, or HR-led investigations.
• Knowledge of cloud forensics, identity investigations, and data loss scenarios in Microsoft 365, Azure, AWS, or similar platforms.
• Familiarity with scripting or automation using PowerShell, Python, or similar languages.
• Experience with malware triage, memory forensics, and timeline analysis.

Core Skills

• Digital forensics and evidence handling
• Incident response and investigative analysis
• SIEM, EDR/XDR, and log correlation
• Root cause analysis and technical reporting
• Cross-functional collaboration and stakeholder communication
• Analytical thinking, discretion, and sound judgment
• Policy, process, and playbook development
• Coaching and knowledge sharing

Working Conditions

This role may require participation in on-call incident response activities, after-hours investigations, and coordination during active security events. The position handles sensitive and confidential information and requires a high level of professionalism, integrity, and attention to detail.

#LI-EN