Fresenius Medical Care is seeking a highly experienced Principal Analyst specializing in Digital Forensics for their Cyber Security Operations Center. The role involves leading complex incident response cases, conducting advanced forensic analysis, and providing strategic insights to reduce organizational risk while mentoring other analysts.
Responsibilities:
- Lead enterprise-level forensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks
- Act as technical commander during priority incidents, directing scoping, containment, eradication, and root-cause analysis in partnership with IR, IT, and Cloud teams
- Conduct root-cause, impact, and attribution analysis for major cyber events; drive corrective and preventive actions
- Lead post-incident reviews and oversee closure of remediation tasks, translating findings into hardening and control improvements
- Develop and maintain forensic methodologies, chain-of-custody procedures, and evidence-handling standards
- Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations
- Correlate forensic artifacts with threat-intelligence insights to identify adversaries, campaigns, and TTPs
- Establish and maintain forensic-readiness strategies, including tooling optimization, logging enhancements, and data-retention standards
- Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, and cloud-log normalization
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience)
- 10+ years in Incident Response/DFIR, including leadership of complex, enterprise-scale investigations
- Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails
- Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics
- Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy
- Mastery of Windows and Linux internals, authentication flows, common persistence mechanisms, and lateral movement TTPs
- Proficient in Python or PowerShell for automation and artifact analysis
- Excellent written and verbal communication—able to brief executives clearly under time pressure
- Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security
- Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace)
- Familiarity with EPSS/SSVC, threat modeling, and purple-team/ATT&CK evaluation practices
- Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations