Incident Response Specialist
Listed on 2026-06-06
IT/Tech
Cybersecurity
Best Buy is an ideal place to pursue an interest in Information Security because it combines industry leadership with a strong commitment to innovation and security. As the world’s leading consumer electronics retailer, generating over $40 billion in annual revenue, Best Buy continues to grow while investing heavily in future‑focused expansion and technological advancement. Alongside enhancing customer‑facing applications, the company is building world‑class security tools and methodologies to protect customer data.
By joining Best Buy’s Information Security Team as an Incident Response Specialist, you become part of a dynamic, forward‑thinking group of experts dedicated to detecting and disrupting threat actors through advanced data analysis, threat intelligence, and cutting‑edge technologies. In this role, you will contribute on the front lines of security, strengthening detection and response capabilities while continuously improving the company’s overall security posture and resilience.
What you’ll do
- Respond to cybersecurity incidents by collecting and analyzing digital evidence
- Develop and present forensic findings to stakeholders
- Perform data analytics to identify and validate potential security threats
- Apply knowledge of various technologies to assess evidence for relevance and forensic value
- Conduct network forensic investigations, including packet analysis
- Analyze malware to understand functionality and identify indicators of compromise (IOCs)
- Participate in proof‑of‑concept testing for new cybersecurity tools
- Prepare detailed, formal written reports suitable for legal or compliance purposes
- Support incident response activities with post‑mortem briefings, analysis, and reporting
- 5 or more years of experience in Digital Forensic Incident Response in a large‑scale enterprise environment.
- 5 or more years of experience performing forensic analysis on volatile host data.
- 5 or more years of experience performing network log and traffic analysis.
- Experience communicating with non‑technical and technical stakeholders.
- Strong case management and documentation skills.
- Strong analytical and problem‑solving skills under pressure.
- Bachelor's degree in Cybersecurity or related discipline.
- Relevant cybersecurity certifications (GIAC, EC‑Council, Offensive Security, etc.).
- Previous experience working in cloud environments in a Cybersecurity capacity.
- Experience authoring detection signatures.
- 2 or more years of recent experience conducting dynamic and static malware analysis.
- Understanding and utilization of KQL.
- Understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell, etc.).
We’re committed to helping our people thrive at work and offer generous benefits that address your total well‑being and provide support as you need it, especially at key moments in your life.
Our Benefits Include
- Competitive pay
- Generous employee discount
- Physical and mental well‑being support
Best Buy provides different types of leaves of absence (LOA) and potential pay sources to employees based on eligibility. The length of your LOA depends on your situation, where you live, your full‑time or part‑time employment status, and federal and state regulations. Intermittent or reduced‑schedule leave is also available for certain medical or family care leaves. Paid time off (vacation or PTO) is offered to full‑time and part‑time employees based on work location, employment status, salary or hourly status (exempt/non‑exempt), and years of continued or bridged service.
Certain roles, where market norms demand it, are eligible for various forms of incentive pay to drive performance and offer recognition for achieving financial and strategic results. For more information about our incentive pay plans, including eligibility, please refer to our Incentive Programs Summary.
For more information about benefits, LOA and paid time off, please refer to our Benefits Guide.
Best Buy is an equal opportunity employer.
Position Type:
Full time