Information Security Operations Analyst / Incident Response & Forensics Specialist

The Information Security Operations Analyst / Incident Response & Forensics Specialist is a critical, hands-on role responsible for operating and maturing the organization's cybersecurity defense, detection, and response capabilities. This specialist serves as a high-level escalation point, bridging the gap between proactive threat intelligence and reactive incident management.

The primary focus is two-fold: leading the execution of the full incident response lifecycle (detection, containment, eradication, and post-incident analysis) and conducting comprehensive digital forensic investigations for security breaches, eDiscovery requests, and internal investigations (HR/Legal). The role requires deep technical proficiency, a strong analytical mindset, and the ability to operate under pressure while maintaining strict standards for evidence integrity and regulatory compliance.

Key Responsibilities

I. Incident Response & Threat Hunting (The Core Focus)

• Lead Incident Response: Serve as the primary technical lead in responding to escalated and complex security incidents (e.g., advanced persistent threats, nation-state attacks, significant data breaches, and sophisticated phishing campaigns).

• 24/7 Coordination: Coordinate and ensure the timely prioritization, triage, and response to cybersecurity alerts and incidents across a 24/7 operations environment.

• Containment and Eradication: Execute highly technical containment strategies to limit the scope of an attack and lead the root cause analysis and eradication phase to ensure complete removal of adversary presence.

• Threat Intelligence Integration: Continuously ingest, review, and analyze incoming threat intelligence feeds, applying best practices to inform proactive threat hunting campaigns using the MITRE ATT&CK framework.

• Post-Incident Analysis: Create detailed, high-quality incident reports and after-action reviews to document findings, articulate technical concepts to non-technical stakeholders (including leadership), and identify opportunities for control enhancement.

II. Digital Forensics & Investigations

• Forensic Investigations: Conduct advanced, forensically sound data collections, imaging, and analysis of compromised systems, volatile memory, cloud environments, and network data in support of active security incidents.

• eDiscovery & Legal Support: Execute eDiscovery requests and support complex internal investigations led by Legal and Human Resources, ensuring strict maintenance of the chain of custody and evidence integrity in alignment with regulatory and organizational standards.

• Tool Expertise: Utilize and maintain state-of-the-art forensic tools, such as Magnet Forensics Axiom Cyber, for deep-dive investigations.

III. Security Operations & Program Management

• Tool Optimization: Maintain and optimize core security technologies, including SIEM (Splunk), Extended Detection and Response (XDR) solutions (e.g., Microsoft Defender), and vulnerability scanners, specifically focusing on alert tuning and detection engineering.

• Risk Remediation: Review findings from penetration tests, vulnerability scans, and security control assessments to identify weaknesses and provide pragmatic recommendations for remediation and control gap closure.

• Governance and Awareness: Contribute to the development and ongoing maintenance of security policies, standards, processes, and Incident Response Plans (IRPs). Develop and deliver targeted, high-impact security awareness content for the organization.

Required Experience and Qualifications

Education & Experience

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or equivalent combination of education and/or 5 or more years of progressively responsible professional work experience in security operations, incident response, or digital forensics.

• Experience in a highly regulated industry is strongly preferred (e.g., Financial Services, Insurance).

• Experience supporting law enforcement or external regulatory body investigations is preferred.

Technical Expertise

• Deep, hands-on experience executing the full Incident Response lifecycle (preparation, identification, containment, eradication, recovery, and lessons learned).

• Demonstrated proficiency with Security Information and Event Management (SIEM) tools like Splunk for advanced log analysis and correlation rule creation.

• Expertise utilizing Endpoint Detection and Response (EDR) / XDR platforms (e.g., Microsoft Defender) for threat hunting and incident containment.

• Proven experience with digital forensic tools and methodologies, specifically including Magnet Forensics Axiom Cyber or equivalent platforms.

• In-depth knowledge of attacker Tactics, Techniques, and Procedures (TTPs) and the MITRE ATT&CK framework.

• Proficiency with scripting languages (e.g., Python, PowerShell) for automation of investigative tasks and data analysis is a plus.

Professional Skills

• Exceptional verbal and written communication skills with a proven ability to translate complex technical findings into clear, concise reports for both technical and non-technical executive audiences.

• Demonstrated analytical and critical thinking skills with the ability to manage high-stress, high-impact security incidents.

• Proven ability to work collaboratively across diverse teams (IT, Legal, HR, Business Units) and provide consulting and mentorship to junior team members.