Cyber Forensics Analyst Lead

Job in Portland, Multnomah County, Oregon, 97204, USA
Listing for: ECS
Full Time position
Listed on 2026-05-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below

Key Responsibilities

  • Lead end-to-end cyber forensic investigations, including intake, triage, scoping, evidence strategy, tasking, analysis coordination, and deliverable development.
  • Define investigative objectives, data sources, timelines, roles, assumptions, and expected outputs for forensic activities.
  • Ensure forensic investigations align with incident response priorities, legal and compliance requirements, organizational risk tolerance, and mission needs.
  • Direct the collection, preservation, processing, and handling of digital evidence from endpoints, servers, cloud services, identity platforms, security tools, network devices, and other relevant sources.
  • Ensure evidence integrity through documented chain‑of‑custody procedures, repeatable acquisition methods, secure storage, and defensible handling practices.
  • Validate forensic acquisition approaches, tool outputs, and evidence handling procedures for completeness, accuracy, and admissibility where applicable.
  • Oversee analysis of host artifacts, file systems, memory, logs, endpoint telemetry, malware indicators, authentication activity, network data, and other forensic evidence.
  • Identify attack vectors, compromise timelines, persistence mechanisms, lateral movement, privilege escalation, data access, exfiltration indicators, and affected assets.
  • Correlate forensic findings with SOC alerts, threat intelligence, SIEM data, EDR telemetry, vulnerability information, and incident response actions.
  • Produce and review high‑quality forensic reports, investigative timelines, evidence summaries, executive summaries, and technical findings.
  • Translate forensic evidence into clear risk, impact, and business language for technical and non‑technical audiences.
  • Develop practical recommendations to support containment, eradication, recovery, control improvements, detection enhancements, and future prevention.
  • Serve as the primary forensic point of contact during cybersecurity incidents, investigations, and follow‑up analysis activities.
  • Brief SOC leadership, program leadership, system owners, legal or compliance stakeholders, and technical teams on forensic status, findings, risks, and next steps.
  • Coordinate with SOC analysts, threat hunters, threat intelligence analysts, engineers, and other responders while maintaining disciplined investigative practices.
  • Lead and mentor forensic analysts and contributors, including assigning tasks, reviewing work products, and supporting professional development.
  • Review evidence, analysis methods, timelines, conclusions, and reports for accuracy, consistency, completeness, and defensibility.
  • Support standardization of forensic playbooks, evidence checklists, reporting templates, workflows, and quality‑control practices.
  • Maintain and improve forensic methodologies, tools, lab procedures, evidence repositories, and analysis workflows.
  • Support lessons learned, after‑action reviews, tabletop exercises, and readiness activities that improve investigative speed and quality.
  • Stay current with evolving attacker tradecraft, forensic artifacts, operating systems, cloud platforms, endpoint technologies, and investigative best practices.

Required Skills

  • 7+ years of experience in digital forensics, incident response, cyber investigations, SOC operations, threat analysis, or closely related cybersecurity roles.
  • Proven experience leading formal cyber forensic investigations or incident‑response forensic work streams.
  • Hands‑on experience collecting, preserving, and analyzing digital evidence from enterprise systems, endpoints, logs, network sources, cloud platforms, or security tools.
  • Strong understanding of forensic methodologies, chain of custody, evidence integrity, incident response lifecycle, and investigative documentation standards.
  • Experience using forensic, EDR, SIEM, log analysis, or investigation tools such as EnCase, FTK, Magnet AXIOM, Autopsy/Sleuth Kit, Volatility, Velociraptor, Splunk, Sentinel, CrowdStrike, Microsoft Defender, or equivalent technologies.
  • Excellent written and verbal communication skills, including the ability to produce defensible technical reports and brief stakeholders on findings and recommendations.

Desired Skills

  • Experience…