Security Analyst - Forensics, Threat Hunting, IOCs

Responsibilities

• Perform compromise assessments across enterprise networks, identity platforms, cloud environments, and endpoints to detect active or historical intrusions.
• Identify, analyze, and validate indicators of compromise (IOCs), malicious artifacts, and persistence mechanisms.
• Conduct threat hunting using endpoint and log data to uncover stealthy adversary activity.
• Leverage forensic tools to analyze system images, memory captures, and network traffic for signs of malicious behavior.
• Map adversary techniques to the MITRE ATT&CK framework and provide context on TTPs observed.
• Develop and deliver detailed technical and executive-level reports summarizing findings, risk implications, and prioritized remediation steps.
• Collaborate with incident response teams, SOC analysts, and client IT/security staff to validate findings and strengthen detection capabilities.
• Contribute to the continuous improvement of methodologies, playbooks, and automation for compromise assessments.

Required Qualifications

• 4-8 years of experience in cybersecurity, digital forensics, or incident response.
• Experience with all “Tool Categories and Examples” categories and  hands-on experience with at minimum one tool in each section
• Strong familiarity with public cloud providers (e.g. Amazon Web Services, Google Cloud, Microsoft Azure)
• Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and familiarity with MITRE ATT&CK.
• Experience conducting forensic analysis of endpoints, logs, and network data.
• Strong written and verbal communication skills, with ability to create reports tailored to both technical and executive audiences.
• Industry certifications such as GCFA, GNFA, GCIH, CySA+, or Security+. (Preffered)

Tool Categories and Examples

• Endpoint & Host Forensics - Velociraptor, KAPE (Kroll Artifact Parser & Extractor), FTK Imager / EnCase / X-Ways, Volatility / Rekall, Sysinternals Suite
• Endpoint Detection & Response (EDR) - CrowdStrike Falcon, SentinelOne, Carbon Black, Microsoft Defender for Endpoint, Sophos Intercept X
• SIEM & Log Analysis - Splunk, Microsoft Sentinel, Elastic (ELK Stack), IBM QRadar, LogRhythm
• Network & Traffic Analysis - Wireshark / tcpdump, Zeek (Bro), Security Onion, Arkime (Moloch)
• Threat Intelligence & IOC Enrichment - MISP, VirusTotal, Hybrid Analysis, AlienVault OTX, ThreatConnect, Anomali, MITRE ATT&CK Navigator
• Cloud & SaaS Visibility - AWS GuardDuty, CloudTrail, Security Hub, Azure Security Center, Defender for Cloud, Sentinel, Google Chronicle, Security Command Center, Prisma Cloud, Wiz, Orca
• Scripting & Automation - Python, PowerShell, Bash, jq, Sigma rules, YARA rules

Key Attributes

• Analytical thinker with strong investigative skills.
• Comfortable working in fast-paced, incident-driven environments.
• Ability to navigate discussions with executives and engineers alike.
• Strong attention to detail and ability to connect technical findings to business impact.
• Collaborative and client-focused, with a commitment to delivering high-quality assessments.