Mid-Level Digital Forensics and Incident Response Analyst
Huntsville, Alabama, United States of America
Full Time
3 hours ago
$90,000 - $130,000 USD
No Visa Sponsorship
Key skills
CloudCyber SecurityFirewallsSplunkCommunication
About this role
Role Overview
- Provide real-time analysis of escalated security events to support response efforts.
- Analyze data from endpoints, EDR systems, firewalls, and servers to identify, contain, and remediate suspicious activity.
- Analyze malicious scripts and code to mitigate potential threats.
- Engage in Threat Hunting operations to proactively identify and mitigate threats.
- Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
- Create system images or capture network settings from IT environments to preserve as evidence.
- Forensically duplicate digital evidence for data recovery and analysis procedures.
- Perform web service network traffic analysis to detect anomalies.
- Contribute to cyber threat intelligence analysis and bolster defensive actions.
- Post-incident analysis, identifying root causes and reinforcing security measures.
- Contribute to training and skill development opportunities for self and teammates.
- Develop or refine policies for data collection, processing, and reporting.
- Recommend cyber defense software or hardware to support responses to cyber incidents.
- Adhere to legal policies related to handling digital media.
- Stay current on emerging threats and vulnerabilities.
- Write and execute scripts to automate tasks, such as parsing large data files.
- Write cyber defense reports or white papers using research or experience.
- Write accurate technical summaries to report findings and recommendations.
Requirements
- Bachelor's degree (or equivalent experience) in Cybersecurity, Information Technology, or a related field
- Minimum of 3 years of relevant experience in direct digital forensics or incident response within large enterprise federal government or corporate environments
- Active Top-Secret Clearance with SCI Eligibility
- Skilled in the use of Incident Response tools such as Splunk Enterprise Security and Microsoft Defender for Endpoint
- Well-versed in employing forensic tools such as Magnet Axiom, Exterro FTK, Cellebrite Physical Analyzer, Kape, and Open-Source tools
- Highly regarded certifications include GIAC Continuous Monitoring Certification (GMON), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Intrusion Analyst (GCIA), GIAC Network Forensic Analyst (GNFA), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Forensics Responder (GCFR), GIAC Advanced Smartphone Forensics Certification (GASF), GIAC Mobile Device Security Analyst (GMOB)
- Must possess problem-solving skills.
- Exceptional communication skills, both oral and written.
- Must be able to work effectively in a high-stress environment during critical incidents and be adaptable to a dynamic operational speed.
- Ability to respond to customers effectively and with a sense of urgency.
- Proficient in Microsoft and Adobe toolsets, including Excel, Word, PowerPoint, Acrobat, etc.
- Highly motivated with the ability to handle and manage multiple tasks at any one time.
- Ability to forge new relationships with both individuals and teams.
- Must be a self-starter, that can work independently and as part of a team.
Tech Stack
- Cloud
- Cyber Security
- Firewalls
- Splunk
Benefits
- Medical, Dental and Vision Insurance
- Wellness Program
- Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
- Short-Term and Long-Term Disability options
- Basic Life and AD&D Insurance (Company Provided)
- Voluntary Life and AD&D options
- 401(k) Retirement Savings Plan with matching after one year
- Paid Time Off