Engineer III - Digital Forensics & Investigations

What you will be doing
Position Summary
The Engineer III, Digital Forensics, is a senior technical role within the Cyber Defense organization responsible for conducting complex forensic investigations across endpoints, servers, cloud platforms, and mobile devices. This role serves as an escalation point for junior analysts, ensuring digital evidence is collected, preserved, and analyzed in a defensible manner. The Engineer III will play a critical role in supporting incident response, insider threat investigations, and legal or HR inquiries while collaborating with global stakeholders to mature forensic capabilities across the enterprise.
Primary Duties and Responsibilities

• Lead digital forensic investigations involving cyber incidents, insider threats, fraud, or policy violations.
• Perform advanced forensic analysis on endpoints, servers, cloud platforms, and mobile devices to identify malicious activity, data exfiltration, or system compromise.
• Ensure proper evidence collection, preservation, documentation, and chain of custody in compliance with legal and regulatory standards.
• Develop and refine forensic playbooks, procedures, and workflows for global use.
• Partner with incident response, insider threat, HR, Legal, and Corporate Security teams to support sensitive investigations.
• Analyze malware, artifacts, and logs to determine attack vectors, timelines, and root causes.
• Act as a technical escalation point for Engineer I/II forensic analysts.
• Provide clear written reports and investigative summaries for leadership, legal, and non-technical audiences.
• Mentor and train junior forensic engineers on investigative techniques, tools, and evidence handling.
• Stay current on emerging forensic tools, technologies, and best practices to continuously improve program maturity.

Education and Qualifications

• Bachelor's degree in Cybersecurity, Digital Forensics, Computer Science, or equivalent work experience; Master's degree preferred.
• Strong knowledge of forensic methodologies, evidence handling, and investigative processes.
• Familiarity with industry frameworks such as NIST, ISO 27037, and SANS best practices.

What your background should look like
Preferred Certifications

• EnCase Certified Examiner (EnCE)
• Certified Computer Examiner (CCE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Advanced Smartphone Forensics (GASF)
• Certified Information Systems Security Professional (CISSP)

Work Experience

• 5-7 years of progressive experience in cybersecurity, with at least 3 years focused on digital forensics.
• Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, Cellebrite, or Magnet Axiom.
• Demonstrated expertise in forensic investigations supporting cyber incidents, insider threats, or HR/Legal matters.
• Proven ability to handle sensitive investigations and maintain confidentiality.
• Strong communication skills, with the ability to present technical findings to technical and non-technical stakeholders.

Schedule
Full time