Cybersecurity Advisors Network (CyAN)

Senior Digital Forensics, Incident Response Analyst

Posted 4/21/2026 | full-time | Remote • California • 🇺🇸 United States | Senior | 💰 $120,000 - $150,000 per year

Tech Stack

Tools & technologies
Cloud

About the role

Key responsibilities & impact
  • Lead complex DFIR investigations end-to-end: scope, evidence strategy, analysis, and findings validation across endpoint, identity, cloud, and network telemetry.
  • Perform advanced forensic analysis (disk, memory, cloud artifacts) including timeline construction, persistence discovery, credential access signals, and data access/exfiltration assessment.
  • Conduct root cause analysis to determine the TTPs (Tactics, Techniques, and Procedures) used by threat actors and propose measures to prevent similar incidents in the future.
  • Serve as incident lead or deputy lead for major incidents: coordinate containment/eradication/recovery with stakeholders and ensure evidence is preserved while response actions proceed.
  • Produce high-quality incident reports: executive summary, technical narrative, timeline, root cause, and prioritized remediation recommendations.
  • Own and improve DFIR playbooks, evidence collection checklists, and case documentation standards; conduct quality reviews and coaching.
  • Design/implement analysis automation (scripts, parsers, Velociraptor/KAPE artifacts, SOAR integrations) to reduce time-to-triage and improve consistency.
  • Support threat hunting and detection improvement by translating DFIR findings and Offensive Security TTPs into detection opportunities and telemetry requirements.
  • Mentor DFIR Analysts through case reviews, technical sessions, and training plans; help build specialization (cloud forensics, memory, network, malware triage).

Requirements

What you’ll need
  • 4–7+ years of experience in DFIR, incident response, threat detection, or digital forensics roles.
  • Demonstrated experience leading complex investigations and coordinating response actions with technical and business stakeholders.
  • Strong proficiency with SIEM/EDR platforms and forensic tooling; ability to acquire, analyze, and interpret evidence across systems.
  • Strong knowledge of incident handling lifecycle and forensic best practices, including chain-of-custody and defensible reporting.
  • Strong analytical and problem-solving skills with the ability to handle complex, multi-layered incidents.
  • Excellent written and verbal communication skills; ability to brief technical and non-technical audiences.
  • Ability to lead and mentor junior team members, fostering a culture of knowledge sharing and collaboration.
  • Relevant certifications (one or more): GCIH, GCFA, GCFE, GNFA, CCDL2, SBTL2, CISSP (or equivalent).

Benefits

Comp & perks
  • PTO and 8 Paid Holidays.
  • Employer-paid Health and Dental Insurance for CA employees.
  • Great opportunities for career advancement.
  • 401k with employer matching.
  • Disability and Life Insurance.
