Senior Forensics Analyst

ABM is currently seeking a highly motivated and experienced Senior Forensics Analyst. The Senior Forensics Analyst is a senior technical member of the information security team responsible for leading forensic examinations through collection, processing, analysis and preservation of digital data. This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues.

The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise. This role provides strategic guidance on forensic processes, mentors junior analysts, and communicates complex technical findings to executive leadership, legal counsel and law enforcement when applicable.

The ideal candidate is deeply technical, possesses strong business acumen, and understands how technology is involved in day-to-day operations. The Senior Forensics Analyst demonstrates a track record of leading complex investigations and driving continuous improvement within the forensic and incident response program. 

ABM offers a comprehensive benefits package.  For information about ABM’s benefits, visit:

Recruiting Flyer - Staff & Mgmt

Specific job duties or deliverables that the position requires which will also measure performance:

• Lead and conduct forensic examinations including collection, preservation, processing and analysis of digital data and systems across the enterprise
• Serve as the primary subject matter expert for forensic investigations, providing technical direction to incident responders and SOC analysts during escalated security events
• Mentor and develop junior forensic analysts, providing guidance on examination techniques, tool usage and professional development
• Document comprehensive case notes and communicate analysis findings from initial investigation through closure and post-mortem to technical and non-technical stakeholders
• Maintain strict evidence handling procedures including collection, storage, preservation and chain of custody in accordance with legal and regulatory requirements
• Conduct investigations across end-user hosts, servers, network infrastructure, mobile devices, peripherals, cloud environments and application systems
• Perform advanced malware analysis, reverse engineering and examination of obfuscated code to support threat identification and containment
• Develop and refine operational response processes and forensic playbooks for the security operations program
• Analyse penetration test reports and threat intelligence to inform forensic readiness and detection capabilities
• Effectively communicate findings, strategy and recommendations to stakeholders including technical staff, executive leadership and legal counsel
• Recognize and safely utilize attacker tools, tactics and procedures to support discovery, analysis and incident containment
• Develop and maintain relationships with engineering, IT, incident response, SOC, software engineering and cross-functional business teams
• Analyse systems and data sources for accidental, malicious and unauthorized activities, providing actionable results to management and technical teams
• Maintain and improve the forensic lab environment, evaluating new solutions and retaining proficiency with existing tools and methodologies
• Participate in and lead briefings from internal forensics as well as from hired consultants, presented to technical and business leadership
• Communicate with legal, external firms and law enforcement under management direction when investigations require external coordination
• Identify program strengths and weaknesses, recommending improvements to forensic capabilities, skills development and knowledge base
• Research emerging cybersecurity threats and forensic techniques to maintain a proactive security posture
• Support security initiatives through both predictive and reactive analysis

Perform other duties as assigned

Education: 

• Bachelor’s degree preferred in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.

Experience: 

• 7+ years of combined experience in cybersecurity, incident response and security operations, with a minimum of 4 years in a dedicated digital forensics role
• Demonstrated expertise with forensic tools including, but not limited to, AccessData Forensic Toolkit (FTK), Magnet Axiom, EnCase, X-Ways, REMnux and SIFT
• Proven ability to perform malware analysis, reverse engineering and examination of obfuscated code
• Strong understanding of attacker tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework
• Experience with log and data aggregation systems (SIEM platforms such as Microsoft Sentinel, Splunk or similar)
• Proficient scripting ability with one or more languages including Python, PowerShell, JavaScript and Bash
• Clear understanding of evidence preservation, chain of custody and legal requirements for digital evidence
• Strong understanding of the NIST Cybersecurity Framework and associated controls
• Administration experience with network and host configurations, endpoint detection and response (EDR), application security, encryption and cloud services
• Advanced understanding of TCP, UDP, HTTP, IP and other network protocols
• Strong verbal and written communication skills with the ability to explain complex technical topics to business leaders
• Excellent judgment and the ability to make quick decisions when working with complex situations
• Demonstrated ability to lead investigations and mentor junior team members
• Self-starter who can work efficiently both independently and with teams
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism

Certifications:

One or more of the following required: GCFE, GCFA, GREM, GCIH, EnCE or CISSP

Education:

• Master’s degree in information assurance, Cybersecurity, Computer Science, Digital Forensics or a related technical field.

Experience:

• 10+ years of combined experience in cybersecurity, incident response, security operations and digital forensics
• Holistic experience across Computer Network Defense, Cryptography, Identity Management, Information Assurance, Malware Analysis and Infrastructure Design
• Experience leading forensic investigations in hybrid and multi-cloud environments (Azure, AWS, GCP)
• Experience identifying, investigating and responding to complex attacks including advanced persistent threats (APTs)
• Demonstrated experience developing forensic processes, playbooks and program maturity initiatives
• Experience with vulnerability management platforms (Tenable, Rapid7, Qualys)
• Ability to utilize and develop scripts that interact with APIs, automate forensic workflows and assist with alert response
• Experience working with legal teams, external counsel and law enforcement on digital investigations
• Prior experience mentoring or managing a team of forensic analysts

Other:

• Holistic experience in Computer Network Defense, Cryptography, Identity Management, Information Assurance, Information Systems/Network Security, Malware Analysis, and Infrastructure Design
• Extensive experience with core vulnerability management scanners (e.g. Tenable, Rapid7, Qualys etc.)
• Understanding of alert triaging, vulnerability detection and response, and data integrity
• Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
• Advanced understanding of TCP, UDP, HTTP, IP, and other network protocols
• Ability to utilize and write scripts that interact with APIs, automate tasks, and assist with alert response
• Knowledge of data center network components 
• Critical thinking and efficient communicator (i.e written and verbal)
• Experience identifying, investigating, and responding to complex attacks in hybrid-environments

Certifications:

Two or more of the following preferred: GCFE, GCFA, GREM, GCIH, EnCE, CISSP, CISM, CRISC, CISA, CFCE, CCE

Enter a description of the working environment and travel requirements (if any) below:
 

Remote  
 

ABM (NYSE: ABM) is one of the world’s largest providers of integrated facility, engineering, and infrastructure solutions. Every day, our over 100,000 team members deliver essential services that make spaces cleaner, safer, and efficient, enhancing the overall occupant experience.   ABM serves a wide range of market sectors including commercial real estate, aviation, education, mission critical, and manufacturing and distribution. With over $8 billion in annual revenue and a blue-chip client base, ABM delivers innovative technologies and sustainable solutions that enhance facilities and empower clients to achieve their goals. Committed to creating smarter, more connected spaces, ABM is investing in the future to meet evolving challenges and build a healthier, thriving world. ABM: Driving possibility, together.
ABM is an Equal Employment Opportunity (EEO) employer that does not discriminate on the basis of any trait or characteristic protected by applicable federal, state, or local law, including disability and protected veteran status. ABM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a disability and need assistance in completing the employment application, please call 888-328-8606. We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis.
ABM participates in the U.S. Department of Homeland Security E-Verify program. E-Verify is an internet-based system used to electronically confirm employment eligibility.
ABM is a military-friendly company proudly employing thousands of men and women who have served in the U.S. military. With ABM, you’ll have access to a world-class training program and ample opportunities to use the skills you developed while serving our country.  Whether you’re looking for a frontline or professional position, you can find post-military career opportunities across ABM.
ABM directs all applicants to apply at www.abm.com/careers. ABM does not accept unsolicited resumes or submissions outside of this portal. Applicants should submit their application by clicking Apply Now.   For more information, visit www.abm.com