Senior Digital Forensics and Incident Response Analyst
Pen Test Partners works with clients globally providing cyber security consultancy and testing services. We work with the most cutting-edge industries, including Automotive, Aerospace, and Maritime.
We are seeking a Senior DFIR Analyst to join our team, leveraging their technical expertise and investigative mindset to support forensic investigations and incident response engagements. The ideal candidate will have a methodical approach to problem-solving, ensuring investigations are thoroughly documented and findings are communicated effectively to both technical and non-technical stakeholders.
This role requires experience with CrowdStrike, Magnet Axiom, SIFT Workstations, and AWS, along with strong technical skills in systems administration, networking, and cloud forensics.
Key Responsibilities:
- Conduct digital forensic investigations across endpoint, network, and cloud environments.
- Perform incident response investigations, working across multiple environments, including on-premises and cloud-based infrastructures (AWS & Azure).
- Utilise CrowdStrike, Magnet Axiom, X-Ways, and SIFT Workstations to collect and analyse forensic evidence.
- Develop and script tooling for the task at hand.
- Support forensic and incident response engagements by documenting findings, writing detailed reports, and delivering presentations to both technical and non-technical stakeholders.
- Work closely with clients to understand their forensic and security requirements, translating them into actionable investigation strategies.
- Develop and refine forensic methodologies and procedures to ensure consistent, high-quality investigations.
- Provide guidance and best practices on forensic readiness and security incident management.
- Collaborate with threat intelligence teams to correlate forensic findings with threat actor tactics, techniques, and procedures (TTPs).
- Conduct compromise assessments and proactive threat hunting using forensic tools and log analysis.
- Assist in the triage and scoping of incidents, working directly with clients and our client account management team to define investigative priorities.
- Support cloud forensics investigations, ensuring the correct collection, handling, and analysis of digital evidence in AWS and Azure environments.
Key Skills & Experience:
- Proven experience in DFIR, with hands-on expertise in forensic analysis, incident response, and threat investigations.
- Technical background (e.g., previous experience as a systems or network administrator) with a solid understanding of operating systems, networking, and security architectures.
- Proficiency in CrowdStrike, Magnet Axiom, and SIFT Workstations.
- Strong knowledge of AWS and Azure security architectures, including how to perform forensic investigations in cloud environments.
- Experience with log analysis, endpoint forensics, and memory forensics.
- Strong analytical and problem-solving skills, with a methodical and detail-oriented approach to investigations.
- Excellent documentation and reporting skills, ensuring investigation findings are communicated clearly and accurately.
- Ability to translate complex forensic concepts into client-friendly language, supporting engagement with both technical and executive stakeholders.
- Experience with forensic data preservation, chain of custody, and evidential procedures.
- Familiarity with threat intelligence frameworks (MITRE ATT&CK, TTP mapping, IOC development).
- Certifications such as GCFA, GCIH, CISSP, AWS Security Specialty, Azure Security Engineer, or equivalent are desirable.
Who You Are:
- A methodical thinker with a structured approach to forensic investigations.
- A strong communicator, capable of presenting complex findings in a clear and concise manner.
- A self-motivated problem solver, able to work independently and as part of a team.
- Someone with a passion for cybersecurity, eager to stay ahead of emerging threats and forensic techniques.
If you are a technical, detail-oriented DFIR professional with experience in on-prem and cloud forensics, we’d love to hear from you!
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Product Management, Research, and Strategy/Planning
Industries
Computer and Network Security
Contact Detail:
Pen Test Partners Recruiting Team