
Cyber Defense Forensics Specialist

Job in Seattle, King County, Washington, 98127, USA
Listing for: Broughton Group
Full Time position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

At EY, you have the opportunity to build a career that is unique to you, supported by a global scale, inclusive culture, and cutting‑edge technology to help you reach your potential. Your distinctive voice and perspective are valued as EY strives to improve continuously. Join us and create an exceptional experience while contributing to a better working world.

The exceptional EY experience is yours to build.

We uphold high ethical standards and integrity at EY, expecting all candidates to demonstrate these qualities in their professional conduct.

In today's data‑driven world, protecting information and systems is paramount to business success. At EY, every member of our Information Security team plays a crucial role in safeguarding EY and client information. With almost 950 dedicated professionals globally, we collaborate to ensure the secure delivery of services, prompt detection, and response to security events. Together, we protect the EY brand and foster client trust.

In the Information Security team, we integrate risk strategy, digital identity, cyber defense, application security, and technology solutions across the entire security lifecycle. You will be joining a dynamic team of security‑focused individuals committed to delivering innovative, secure solutions that drive business value and enable speed to market.

The Opportunity

As a Cyber Triage and Forensics (CTF) Incident Analyst, you will be a senior member of the technical team, responsible for responding to security incidents. Your role involves working as an escalation point for both suspected and confirmed security incidents. Key responsibilities include performing digital forensic analysis, adhering to best practices for incident response, analyzing malware, identifying indicators of compromise, coordinating remediation efforts, and documenting processes for security incident responses.

Your Key Responsibilities
  • Investigate, coordinate, and resolve security incidents while maintaining thorough reporting.
  • Conduct forensic analyses of end‑user systems and servers showing possible signs of compromise.
  • Analyze artifacts gathered during security incidents.
  • Identify security incidents through proactive 'Hunting' operations using SIEM and other relevant tools.
  • Collaborate with server owners, system custodians, and IT contacts to facilitate incident responses, including access acquisition, digital artifact collection, and remediation actions.
  • Provide expert consultation and assessments regarding perceived security threats.
  • Maintain, manage, and enhance security incident processes and documentation.
  • Regularly report and analyze metrics related to case work.
  • Resolve incidents by pinpointing root causes and recommending solutions.
  • Develop fact‑based reports based on investigative findings.
  • Be on‑call to provide global incident response support.
Skills and Attributes for Success
  • Ability to resolve security incidents by identifying root causes and solutions.
  • Proficiency in analyzing findings from investigations and generating detailed reports.
  • Demonstrated integrity and professional judgment.
  • Capacity to balance personal and work priorities effectively.
To Qualify for the Role You Must Have
  • A Bachelor's or Master's Degree in Computer Science, Information Systems, Engineering, or a related field.
  • 5+ years of experience in incident response, computer forensic analysis, and/or malware reverse engineering.
  • A solid understanding of security threats, vulnerabilities, and incident response practices.
  • Experience with electronic investigations, forensic tools, and methodologies, including log analysis and data handling.
  • Knowledge of legal considerations surrounding electronic discovery and analysis.
  • Experience with SIEM technologies such as Splunk.
  • A strong foundation in both Windows and Unix/Linux operating systems.
Ideally, You'll Also Have
  • Professional certifications such as GCFE, GCFA, or GCIH (or willingness to pursue).
  • Background in security incident response within Cloud‑based environments like Azure.
  • Programming skills in PowerShell, Python, and/or C/C++ and an understanding of best security practices for network architecture and server configuration.
What We Look For
  • Proven…