Digital Forensics & Incident Response Expert

Key Responsibilities

Preparedness & Prevention

• Participate in tabletop exercises, simulations, and red/blue team activities.
• Recommend enhancements to security controls based on incident trends.
• Assist in vulnerability and risk assessments to strengthen overall cyber defenses.

Incident Detection & Response

• Monitor security alerts, logs, and threat intelligence feeds to identify potential incidents.
• Triage and classify security events based on severity and impact.
• Lead incident response actions, including containment, eradication, and recovery.
• Coordinate with IT, SOC, and external partners to resolve security incidents efficiently.

Threat Analysis & Investigation

• Conduct deep-dive investigations using SIEM, EDR, and network analysis tools.
• Perform memory, log, malware, and packet analysis when required.
• Identify root cause, attack vectors, and threat actor techniques (MITRE ATT&CK aligned).
• Document artifacts, timelines, and findings in a structured forensics workflow.

Digital Forensics

• Collect, preserve, and analyze digital evidence for internal investigations.
• Support legal, compliance, and HR teams during investigations when required.
• Maintain forensic toolsets, imaging processes, and chain-of-custody procedures.

Reporting & Communication

• Provide clear, actionable incident reports for both technical and executive audiences.
• Communicate incident impact and remediation progress to stakeholders.
• Maintain accurate and detailed incident response documentation.