Digital Forensics and Incident Response Specialist – Cloud DevOps

Cybereason

Position Summary:

We are seeking a skilled and motivated Digital Forensics and Incident Response (DFIR) Specialist to join our cybersecurity team. The ideal candidate will be our subject matter expert in Cloud DevOps. Investigating and responding to cybersecurity incidents, conducting digital forensic investigations, and implementing strategies to prevent future incidents. This role requires deep technical expertise within Linux Cloud Investigations with strong analytical skills and the ability to work under pressure in a fast-paced environment.

Key Responsibilities:

Knowledge and experience of:

      • Cloud-native CI/CD platforms (such as Google Kubernetes Engine, Amazon EKS, or Oracle OKE)
      • Implementation of security aggregation and analytics platforms (e.g. commercial SIEMs, Splunk for security, ELK, etc)
      • Data pipelines, forwarding strategies, and ETL design theory
      • at least one scripting or development language (ideally Python and Golang) and ideally at least two of the following:
        • Security log analysis, alerting, and security operations principles
        • Digital forensics (disk and memory collection & analysis)
        • Network Security Monitoring (NSM), network traffic analysis, and log analysis
        • Static and dynamic malware analysis
        • Threat Hunting with EDR
        • Data Science with Jupyter, Pandas, etc
        • Threat Intelligence and adversary tracking
  • Incident Response: Lead and coordinate responses to cybersecurity incidents, including identification, containment, eradication, and recovery. Analyze and investigate security breaches to determine the root cause and impact.
  • Digital Forensics: Conduct digital forensic investigations on a variety of digital devices, including computers, mobile devices, and network systems. Collect, preserve, and analyze digital evidence in accordance with legal and regulatory requirements.
  • Threat Analysis: Monitor and analyze security alerts and threat intelligence to identify potential security incidents. Conduct threat hunting activities to proactively identify and mitigate security threats.
  • Reporting and Documentation: Prepare detailed incident reports, including findings, recommendations, and remediation plans. Maintain accurate and thorough documentation of all incident response activities and forensic investigations.
  • Security Improvement: Collaborate with IT and security teams to implement security controls and best practices to prevent future incidents. Conduct post-incident reviews to identify lessons learned and improve incident response processes.
  • Training and Awareness: Provide training and guidance to internal teams on incident response procedures and digital forensics best practices. Develop and deliver security awareness programs to educate employees on cybersecurity threats and safe practices.
  • Collaboration and Communication: Work closely with cross-functional teams, including IT, legal, compliance, and external vendors, to support incident response and forensic investigations.
  • Communicate effectively with stakeholders to provide updates and ensure alignment with incident response plans.

Qualifications:

  • At least 5 years of proven experience in digital forensics, incident response, or related roles.
  • Strong knowledge of Cloud native digital forensics tools and techniques, including EnCase, FTK, X-Ways, or similar platforms.
  • Experience with incident response frameworks and methodologies, such as NIST, SANS, or similar.
  • Excellent analytical and problem-solving skills.
  • Strong understanding of network protocols, operating systems, and security technologies.
  • Excellent written and verbal communication skills.
  • Ability to work independently and manage multiple projects simultaneously.

Preferred Qualifications:

  • Bachelor’s or Masters degree in Computer Science, Information Security, or a related field.
  • Certification in digital forensics or incident response (e.g., GCFA, GCIH, CCE, EnCE).
  • Experience working in a Security Operations Center (SOC) or similar environment.
  • Knowledge of scripting languages (e.g., Python, PowerShell) for automation and analysis.

Compensation

Base pay: $150,000 – $180,000 + Plus Bonus and Stock Options

The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.

#LI-Remote

More About Cybereason:

Our culture and how we operate reflects in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.

Core Values:

  • Win As One: The power of an individual is less than the power of a team.
  • Ever Evolving: Change keeps us at the forefront, so we encourage it.
  • Daring: To achieve the impossible, we must dare to be different.
  • Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
  • Never Give Up: We are tenacious and resilient, and we never stop.
  • UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.

If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

To apply for this job please visit jobs.cybereason.com.