Information Security Operations Analyst / Incident Response & Forensics Specialist
Madison, Wisconsin. HYBRID REMOTE (flexible work-from-home days available)
$110,000 to $140,000
Experience 5 Years Required
The Information Security Operations Analyst / Incident Response & Forensics Specialist is a critical hands-on role responsible for operating and maturing the organization's cybersecurity defense, detection and response capabilities. This specialist serves as a high-level escalation point, bridging the gap between proactive threat intelligence and reactive incident management.
The primary focus is two-fold: leading the execution of the full incident response lifecycle (detection, containment, eradication and post-incident analysis) and conducting comprehensive digital forensic investigations for security breaches, eDiscovery requests and internal investigations (HR/Legal). The role requires deep technical proficiency, a strong analytical mindset and the ability to operate under pressure while maintaining strict standards for evidence integrity and regulatory compliance.
Key Responsibilities
I. Incident Response & Threat Hunting (The Core Focus)
Lead Incident Response: Serve as the primary technical lead in responding to escalated and complex security incidents (e.g. advanced persistent threats, nation-state attacks, significant data breaches and sophisticated phishing campaigns).
24/7 Coordination: Coordinate and ensure the timely prioritization, triage and response to cybersecurity alerts and incidents across a 24/7 operations environment.
Containment and Eradication: Execute highly technical containment strategies to limit the scope of an attack, and lead the root cause analysis and eradication phase to ensure complete removal of adversary presence.
Threat Intelligence Integration: Continuously ingest, review and analyze incoming threat intelligence feeds, applying best practices to inform proactive threat hunting campaigns mapped to the MITRE ATT&CK framework.
Post-Incident Analysis: Create detailed, high-quality incident reports and after-action reviews to document findings, articulate technical concepts to non-technical stakeholders (including leadership) and identify opportunities for control enhancement.
II. Digital Forensics & Investigations
Forensic Investigations: Conduct advanced, forensically sound data collection, imaging and analysis of compromised systems, volatile memory, cloud environments and network data in support of active security incidents.
eDiscovery & Legal Support: Execute eDiscovery requests and support complex internal investigations led by Legal and Human Resources, ensuring strict maintenance of the chain of custody and evidence integrity in alignment with regulatory and organizational standards.
Tool Expertise: Utilize and maintain state-of-the-art forensic tools such as Magnet Forensics Axiom Cyber for deep-dive investigations.
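The "forensically sound" and "chain of custody" requirements above reduce to a concrete discipline: hash every artifact at acquisition, log who handled it and when, and re-verify the hash before analysis or handover. The following Python sketch is an added example (not code from the posting or the employer) of that discipline. The case ID IR-0001, the hostname WS-1042 and the analyst names are hypothetical, and the "memory image" is a constructed byte string, not real evidence.

```python
"""Evidence intake helper: hash an acquired artifact, append a chain-of-custody
manifest entry, and re-verify integrity before analysis.  Added example; the
case/host/handler names are hypothetical and the artifact is constructed."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, chunk_size=1024 * 1024):
    """Stream SHA-256 over the file so large disk/memory images never have to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_custody(manifest_path, evidence_path, case_id, handler, action):
    """Append one JSON-lines entry: who did what to which artifact, when, and its hash at that moment."""
    entry = {
        "case_id": case_id,
        "evidence": os.path.basename(evidence_path),
        "sha256": hash_file(evidence_path),
        "size_bytes": os.path.getsize(evidence_path),
        "handler": handler,
        "action": action,  # e.g. "acquired", "transferred", "analyzed"
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(manifest_path, "a", encoding="utf-8") as m:
        m.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_evidence(manifest_path, evidence_path):
    """True only if the artifact's current hash equals the hash recorded at acquisition.
    An artifact with no acquisition record cannot be authenticated and is rejected
    without even being opened."""
    name = os.path.basename(evidence_path)
    with open(manifest_path, encoding="utf-8") as m:
        entries = [json.loads(line) for line in m if line.strip()]
    acquired = [e for e in entries if e["evidence"] == name and e["action"] == "acquired"]
    if not acquired:
        return False
    return hash_file(evidence_path) == acquired[0]["sha256"]


def demo():
    """Constructed walk-through: acquire, verify, hand over, tamper, verify again.
    Returns (intact_ok, tampered_ok, unlisted_ok)."""
    with tempfile.TemporaryDirectory() as d:
        manifest = os.path.join(d, "custody.jsonl")
        image = os.path.join(d, "WS-1042_memory.raw")  # hypothetical host name
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed memory image, not real evidence")

        record_custody(manifest, image, "IR-0001", "analyst.a", "acquired")
        intact_ok = verify_evidence(manifest, image)

        # Handover: the receiving analyst re-hashes and logs it; the hash still matches.
        record_custody(manifest, image, "IR-0001", "analyst.b", "transferred")

        # Simulate a single-byte modification after acquisition.
        with open(image, "r+b") as f:
            f.seek(0)
            f.write(b"\xff")
        tampered_ok = verify_evidence(manifest, image)

        # An artifact that was never logged as acquired is rejected.
        unlisted_ok = verify_evidence(manifest, os.path.join(d, "unlisted.bin"))

        return intact_ok, tampered_ok, unlisted_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The hash proves the copy being analyzed is the copy that was acquired; it says nothing about whether the acquisition itself was sound (write-blocked imaging, memory captured before disk, tool versions recorded). In practice the manifest is itself protected, by storing it outside the evidence share and signing or hashing it at each handover, so a tampered artifact cannot be "fixed" by editing the manifest to match.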
III. Security Operations & Program Management
Tool Optimization: Maintain and optimize core security technologies, including SIEM (Splunk), Extended Detection and Response (XDR) solutions (e.g. Microsoft Defender) and vulnerability scanners, focusing specifically on alert tuning and detection engineering.
Risk Remediation: Review findings from penetration tests, vulnerability scans and security control assessments to identify weaknesses and provide pragmatic recommendations for remediation and control gap closure.
Governance and Awareness: Contribute to the development and ongoing maintenance of security policies, standards, processes and Incident Response Plans (IRPs). Develop and deliver targeted, high-impact security awareness content for the organization.
Required Experience and Qualifications
Education & Experience
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or an equivalent combination of education and/or 5 or more years of progressively responsible professional work experience in security operations, incident response or digital forensics.
Experience in a highly regulated industry is strongly preferred (e.g. Financial Services, Insurance).
Experience supporting law enforcement or external regulatory body investigations is preferred.
Technical Expertise
Deep hands-on experience executing the full Incident Response lifecycle (preparation, identification, containment, eradication, recovery and lessons learned).
Demonstrated proficiency with Security Information and Event Management (SIEM) tools such as Splunk for advanced log analysis and correlation rule creation.
Expertise utilizing Endpoint Detection and Response (EDR) / XDR platforms (e.g. Microsoft Defender) for threat hunting and incident containment.
Proven experience with digital forensic tools and methodologies specifically including Magnet Forensics Axiom Cyber or equivalent platforms.
In-depth knowledge of attacker Tactics, Techniques and Procedures (TTPs) and the MITRE ATT&CK framework.
Proficiency with scripting languages (e.g. Python, PowerShell) for automation of investigative tasks and data analysis is a plus.
Professional Skills
Exceptional verbal and written communication skills, with a proven ability to translate complex technical findings into clear, concise reports for both technical and non-technical executive audiences.
Demonstrated analytical and critical thinking skills, with the ability to manage high-stress, high-impact security incidents.
Proven ability to work collaboratively across diverse teams (IT, Legal, HR, Business Units) and to provide consulting and mentorship to junior team members.
Required Experience:
IC