Lead forensic investigations involving endpoints, servers, cloud environments, email systems, and network artifacts.
Collect, preserve, and analyze digital evidence using forensically sound methods while maintaining chain of custody and evidence integrity.
Support cyber incident response activities, including triage, containment, root cause analysis, scope determination, and post-incident reporting.
Perform host, file system, log, memory, and malware-related analysis to identify indicators of compromise, attacker activity, and persistence mechanisms.
Administer and optimize forensic and security investigation tools, including endpoint detection, log analysis, SIEM, and evidence collection platforms.
Develop and maintain forensic procedures, investigation playbooks, and documentation standards aligned with legal, regulatory, and internal policy requirements.
Partner with security operations, IT, privacy, compliance, HR, and legal teams on investigations involving data misuse, unauthorized access, and insider risk.
Prepare clear technical and executive-level reports summarizing findings, business impact, timelines, and recommended corrective actions.
Identify gaps in logging, monitoring, evidence retention, and investigative readiness, and recommend improvements.
Mentor junior analysts and administrators in forensic methodology, investigative rigor, and evidence handling best practices.
Support audits, litigation holds, eDiscovery coordination, and regulatory requests where digital evidence or incident documentation is required.
Stay current on emerging threats, attacker techniques, forensic tools, and industry frameworks relevant to digital investigations and incident response.
Requirements
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Digital Forensics, or a related field, or equivalent practical experience.
5+ years of experience in cybersecurity, incident response, digital forensics, or security administration, including experience in a senior or lead capacity.
Hands-on experience with forensic acquisition and analysis across Windows, Linux, and cloud-based environments.
Strong knowledge of incident response processes, evidence preservation, log analysis, endpoint investigations, and threat investigation workflows.
Experience administering or using enterprise security tools such as SIEM, EDR/XDR, email security, case management, and vulnerability management platforms.
Strong understanding of operating systems, file systems, network protocols, authentication mechanisms, and attacker tactics, techniques, and procedures.
Ability to produce accurate documentation, defensible findings, and concise reports for technical and non-technical audiences.
Relevant certifications such as GCFA, GCFE, GCIH, CISSP, CISM, CHFI, or equivalent.
Experience supporting legal, regulatory, or HR-led investigations.
Knowledge of cloud forensics, identity investigations, and data loss scenarios in Microsoft 365, Azure, AWS, or similar platforms.
Familiarity with scripting or automation using PowerShell, Python, or similar languages.
Experience with malware triage, memory forensics, and timeline analysis.