DFIR Analyst
1 day ago
We are looking for a Digital Forensics and Incident Response (DFIR) Analyst to join our Security Consultancy and Forensic team. The DFIR Analyst will be responsible for conducting compromise assessments, incident response investigations, and forensic analysis across Windows and Linux environments. The ideal candidate will have hands-on experience with open-source and industry-standard DFIR tools, a strong understanding of operating system internals, and the ability to deliver detailed forensic and incident reports.
Key Responsibilities
Perform compromise assessments to detect potential intrusions, persistence mechanisms, lateral movement, and data exfiltration activities.
Conduct digital forensic investigations on Windows and Linux systems.
Collect, preserve, and analyze digital evidence in a forensically sound manner.
Analyze key Windows and Linux forensic artifacts, such as Prefetch, Amcache, Shimcache, Event Logs, Registry, Bash history, Syslog, and authentication logs.
Correlate forensic findings with MITRE ATT&CK techniques to identify threat actor behavior and TTPs.
Integrate findings with Threat Intelligence platforms to enrich context and identify IOCs (Indicators of Compromise).
Respond to live incidents, including ransomware and data breaches.
Prepare comprehensive forensic and incident response reports with technical findings, impact analysis, and remediation recommendations.
Collaborate with SOC, Threat Hunting, and IT teams to contain, eradicate, and recover from security incidents.
Contribute to the continuous improvement of DFIR processes, toolsets, and playbooks.
Requirements
Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field (or equivalent experience).
1–2 years of hands-on experience in digital forensics and/or incident response.
Strong understanding of:
Windows and Linux OS internals and artifacts
Network protocols, attack vectors, and adversary techniques
File systems (NTFS, EXT4) and memory
Experience using and interpreting outputs from tools such as:
Velociraptor, KAPE, EZ Tools (Eric Zimmerman), UAC, Log Analysis Tools, Volatility, etc.
Familiarity with threat intelligence, IOCs, and MITRE ATT&CK mapping.
Strong analytical and problem-solving skills with attention to detail.
Excellent written communication skills: the ability to produce clear, technical investigation reports for both technical and non-technical audiences.
Ability to work under pressure and manage multiple cases in parallel.
Nice-to-Have
Certifications such as CC, Security+, Network+, etc.
Experience with cloud forensics (AWS, Azure, GCP).
Familiarity with SIEM tools (Splunk, ELK, IBM QRadar) and endpoint telemetry.
Knowledge of PowerShell or Python scripting for automation.
Experience documenting and presenting case findings to clients or executive teams.