
Senior Cyber Threat Intelligence & Forensics Analyst

CallTek

Location
Worldwide (Remote)
Posted
3 weeks ago
Employment
Full-time
Seniority
Senior

About the role

We are looking for a seasoned cybersecurity professional to bridge the gap between "knowing the enemy" and "stopping the attack." You will lead our Threat Intelligence efforts to predict and detect adversaries, spearhead Incident Response when breaches occur, and perform deep-dive Digital Forensics (DFIR) to understand the how and why. This is a high-impact role requiring technical depth, analytical rigor, and the ability to stay calm under fire.

Key Responsibilities:

1. Threat Intelligence (Predict & Prevent)

  • Adversary Tracking: Monitor TTPs (Tactics, Techniques, and Procedures) of relevant threat actors using the MITRE ATT&CK framework.
  • Intelligence Lifecycle: Collection, processing, analysis, and dissemination of actionable intelligence to internal stakeholders.
  • Detection Engineering: Translate raw intelligence into custom SIEM alerts, YARA rules, and Sigma signatures.

2. Incident Response (Detect & Respond)

  • Crisis Management: Act as the technical lead during high-severity security incidents, coordinating containment and eradication efforts.
  • Threat Hunting: Conduct proactive hunts across the environment to identify stealthy persistence or lateral movement that automated tools missed.
  • Playbook Development: Design and automate IR playbooks to reduce Mean Time to Respond (MTTR).

3. Digital Forensics (Analyze & Document)

  • Evidence Acquisition: Perform dead-box and live-memory forensics on Windows, Linux, and Cloud environments (AWS/Azure/GCP).
  • Root Cause Analysis: Reconstruct attack timelines to determine the initial vector and the extent of data exfiltration.
  • Reporting: Translate complex technical findings into "executive-level" reports for legal, compliance, and leadership teams.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
  • Experience: 5+ years in a dedicated SOC, IR, or Intel role (ideally within a CSIRT or MSSP).
  • The Toolkit: Mastery of tools like Splunk/ELK, CrowdStrike/SentinelOne/VisionOne, Magnet AXIOM/FTK/EnCase/Autopsy, Sandbox, Volatility, and Wireshark.
  • Programming: Ability to script in Python or PowerShell to automate repetitive tasks or parse forensic artifacts.
  • Certifications: We value skills over paper, but GIAC (GCIH, GCFA, GCTI), CFE, CTIA, or CHFI certifications are highly preferred.
  • Familiarity with incident response processes and frameworks.
  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent verbal and written communication skills to present complex technical information clearly.
