Senior Digital Forensics & Incident Response (DFIR) Analyst

ASSYST, Inc.

Alexandria, VA

JOB DETAILS
Location: Alexandria, VA
Posted: 30+ days ago

ASSYST is seeking an experienced Digital Forensics & Incident Response (DFIR) Analyst to support enterprise cybersecurity operations through advanced threat hunting, digital forensic analysis, and malware investigation. The ideal candidate will possess strong hands-on experience investigating security incidents across enterprise infrastructure, including endpoints, networks, and cloud environments.

This role will focus on proactive threat detection, forensic investigations, and malware analysis while supporting enterprise incident response operations and insider threat investigations.

Key Responsibilities:

  • Perform digital forensic investigations across Windows, Linux, and macOS systems.
  • Conduct disk imaging, media acquisition, and forensic analysis to support security investigations.
  • Support incident response activities, including investigation, containment, and reporting of security incidents.
  • Perform proactive threat hunting and IOC sweeps across enterprise systems.
  • Conduct malware analysis to identify malicious behavior and indicators of compromise.
  • Investigate security events across cloud platforms (AWS, Azure, Microsoft 365) including CloudTrail and IAM logs.
  • Utilize EDR, SIEM, and network packet analysis tools to detect and investigate threats.
  • Prepare forensic reports, incident response documentation, and investigation findings.
  • Support insider threat investigations and security operations activities.

Required Qualifications:

  • 5+ years of experience in Digital Forensics, Incident Response, Threat Hunting, or Malware Analysis.
  • Hands-on experience with Windows, Linux, and macOS forensic investigations.
  • Experience performing digital media acquisition and disk duplication.
  • Strong experience investigating incidents using EDR and SIEM tools.
  • Experience analyzing malware and suspicious files.
  • Hands-on experience with AWS, Azure, and Microsoft 365 security investigations.
  • Ability to analyze Virtual Machines, CloudTrail, and IAM logs.
  • Strong analytical and incident investigation skills.

Preferred Certifications:

  • SANS GIAC Certifications: GCIH, GCFA, GCFE, GREM, GISF, GXPN, or GCTI
  • EnCase Certifications: EnCE, CFSR, EnCEP

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

About the Company

ASSYST, Inc.

ASSYST is an agile, CMMI Level 3 certified firm that excels at simplifying IT and business processes, removing unnecessary redundancy, and delivering targeted information for faster, smarter decisions to improve operations and productivity. We work closely with stakeholders, cross-functional teams, and other technology and services vendors to develop solutions utilizing rigorous adherence to the CMMI-based processes, Agile Framework (Scrum and SAFe), ITSM/ITIL services model, and ISO standards to achieve consistent process improvement. ASSYST represents a balanced approach to providing continuity of service while evoking innovation, fresh ideas, and practices to actualize modernization initiatives. We work collaboratively with customers and partners on human-centered design, leverage emerging technologies, and apply innovation to deliver solution outcomes that improve productivity, user experience, and customer delight.

Our specialties include: Big Data and Analytics, Enterprise Content Management, Information Assurance, Cloud Computing, Knowledge Management, Automation, DoD IT Services, Cybersecurity, Test Engineering, FHIR, HealthIT, Data Science, Azure, Agile, Digital Services, AWS GovCloud, ERP, and SAFe.

Company size: 100 to 499 employees
Industry: Computer/IT Services
Founded: 1993
Website: https://www.assyst.net/