Forensic Lead

• Performs digital forensic analysis on Windows, Apple Mac, and Linux-based operating systems, and analyzes networking appliances including VPN and firewall appliances
• Documents forensic findings according to Arete Forensic Tracker standards and develops a master timeline and visual attack map of events
• Identifies additional sources (systems, logs, etc.) for collection based on analysis and addresses gaps in the attack lifecycle
• Collaborates with the Security Operations Center (SOC) to utilize data from monitoring and alerts provided by installed applications and deployed EDR solutions to identify Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs) relevant to the case
• Handles complex and critical security incidents
• Delivers forensic findings and updates to the team clearly and concisely through a narrative outlining event timeline, adjusting delivery to match the audience's technical capabilities
• Tracks findings and captures data points to enrich threat intelligence and inform investigations
• Raises technical constraints and issues within the Forensics team to pinpoint incident details and escalates them to Forensic leadership
• Maintains current case analyst notes, the Forensic tracker, timeline, and attack map for team collaboration in our centralized case location
• Reviews detailed updates on investigative findings, including the timing and method of initial intrusions, adversary actions, activity timelines/lateral movements, and indicators of data access or exfiltration
• Identifies, documents, and shares critical IOCs or adversary TTPs uncovered with Incident Response, Threat Intel, and Security Operations teams
• Communicates identified IOCs to the India Tiger Team to advance investigations, restore/respond, and strengthen the client’s security posture
• Utilizes incident-mapping frameworks like MITRE’s ATT&CK and Lockheed Martin’s Cyber Kill Chain to contextualize identified adversary actions/IOCs
• Reviews written incident reports, investigative updates, and reports as directed by counsel partners
• Communicates within the DFIR team and provides routine status updates using our case management platform
• Collaborates with cross-functional teams to leverage threat intel TTPs/IOCs, SOC/Threat Hunting team information, and Negotiations team updates to enhance incident intelligence
• Recognized as an internal expert and thought leader in area of expertise with broad experience across multiple job/specialty areas
• Plays a primary role in coaching and mentoring junior team members
• Reviews reports and appendices based on findings using standard report templates
• Accurately tracks and records time for forensic analysis
• May perform other duties as assigned by management

• Deep understanding of forensic artifacts, including analysis of operating system artifacts and recovery of deleted items from Windows, Linux, Mac, and RAM/memory forensics
• Thorough experience analyzing network and operating system log files such as Windows Event logs, Unified Audit Logs, Firewall logs, VPN logs, etc.
• Thorough knowledge of Windows disk and memory forensics, Network Security Monitoring (NSM), network traffic analysis, and log analysis, Unix or Linux disk and memory forensic
• Proficiency with enterprise security controls
• Master of delivering technical findings to non-technical audiences
• Ability to provide findings confidently and factually
• Thorough knowledge and experience handling PII, PHI, sensitive, confidential, and proprietary datasets
• Comprehensive experience with Cyber insurance investigations

• Bachelor’s degree in information security, computer science, digital forensics, or cyber security and 8+ years of incident response or digital forensics experience or Master's degree and 6+ years related experience or Doctorate, and 4+ years related experience
• Mastery of tools like EnCase, Axiom, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, TCP Dump, and other open-source forensic tools
• Possess two or more of the following Certifications: Security +, Network+, SANS GCED, GCIH, GCFE, GCFA, CEH, CHFI

About Us