Principal Analyst Cyber Security Ops - Digital Forensics

United States of America

Full Time

3 weeks ago

$118,000 - $196,000 USD

H1B Sponsor Likely

Key skills

Incident ResponseDigital ForensicsCloud LoggingIdentity ManagementSentinelSplunkMicrosoft 365 LogsAzure LogsAWS LoggingGCP LoggingEntra Audit TrailsOkta Audit TrailsNetwork AnalysisZeekSuricataBrimWiresharkPCAP AnalyticsFlow AnalyticsEvidence HandlingLegal HoldeDiscovery CoordinationWindows InternalsLinux InternalsAuthentication FlowsPersistence MechanismsLateral Movement TTPsPythonPowerShellGCFAGCFEGNFAGREMGCIHCISACISSPAzure SecurityAWS SecurityZero Trust ControlsIdentity Threat DetectionSaaS ForensicsThreat ModelingPurple TeamATT&CK FrameworkRegulated EnvironmentsAnalyticsAWSAzureGCPOktaSaaSLeadershipCommunicationZero Trust

About this role

Fresenius Medical Care’s Cyber Security Operations Center is seeking a highly experienced Principal Analyst specializing in Digital Forensics. This role leads complex incident response cases and conducts advanced forensic analysis to reduce organizational risk.

Responsibilities:

Lead enterpriselevel forensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks
Act as technical commander during priority incidents, directing scoping, containment, eradication, and rootcause analysis in partnership with IR, IT, and Cloud teams
Conduct rootcause, impact, and attribution analysis for major cyber events; drive corrective and preventive actions
Lead postincident reviews and oversee closure of remediation tasks, translating findings into hardening and control improvements
Develop and maintain forensic methodologies, chainofcustody procedures, and evidencehandling standards
Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations
Correlate forensic artifacts with threatintelligence insights to identify adversaries, campaigns, and TTPs
Establish and maintain forensicreadiness strategies, including tooling optimization, logging enhancements, and dataretention standards
Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, and cloudlog normalization

Requirements:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience)
10+ years in Incident Response/DFIR, including leadership of complex, enterprise scale investigations
Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails
Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics
Experience in evidence handling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy
Mastery of Windows and Linux internals, authentication flows, common persistence/mechanisms, and lateral movement TTPs
Proficient in Python or PowerShell for automation and artifact analysis
Excellent written and verbal communication—able to brief executives clearly under time pressure
Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security
Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace)
Familiarity with EPSS/SSVC, threat modeling, and purpleteam/ATT&CK evaluation practices
Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations