Cyber Advisors

Senior Digital Forensics & Incident Response (DFIR) Analyst

Posted 5 Days Ago
Remote
Hiring Remotely in United States
120K-150K Annually
Senior level
The Senior DFIR Analyst leads complex investigations, performs forensic analysis, coordinates incident responses, and mentors junior analysts to enhance DFIR practices.
The summary above was generated by AI

Cyber Advisors (CA), headquartered in Maple Grove, MN, is looking for an experienced Senior Digital Forensics & Incident Response (DFIR) Analyst. CA is a steadily growing Cybersecurity and IT managed services provider (MSP) business that specializes in a very high-quality, customer-focused approach to designing, managing, and maintaining our customers' IT environments. We have invested a tremendous amount of time to develop our technology, processes, and support platform. We are now adding to our team of outstanding individuals to help in our growth. Come grow with us!

Position Summary
The Senior DFIR Analyst is a technical lead responsible for complex incident investigations, advanced forensic analysis, incident coordination, and continuous improvement of DFIR playbooks, tooling, and reporting standards. This role serves as a primary escalation point during major incidents, mentors DFIR Analysts, and partners with SOC leadership, Offensive Security, and engineering to reduce investigative friction and improve organizational readiness.

Key Responsibilities

  • Lead complex DFIR investigations end-to-end: scope, evidence strategy, analysis, and findings validation across endpoint, identity, cloud, and network telemetry.
  • Perform advanced forensic analysis (disk, memory, cloud artifacts) including timeline construction, persistence discovery, credential access signals, and data access/exfiltration assessment.
  • Conduct root cause analysis to determine the TTPs (Tactics, Techniques, and Procedures) used by threat actors and propose measures to prevent similar incidents in the future.
  • Serve as incident lead or deputy lead for major incidents: coordinate containment/eradication/recovery with stakeholders and ensure evidence is preserved while response actions proceed.
  • Produce high-quality incident reports: executive summary, technical narrative, timeline, root cause, and prioritized remediation recommendations.
  • Own and improve DFIR playbooks, evidence collection checklists, and case documentation standards; conduct quality reviews and coaching.
  • Design/implement analysis automation (scripts, parsers, Velociraptor/KAPE artifacts, SOAR integrations) to reduce time-to-triage and improve consistency.
  • Support threat hunting and detection improvement by translating DFIR findings and Offensive Security TTPs into detection opportunities and telemetry requirements.
  • Mentor DFIR Analysts through case reviews, technical sessions, and training plans; help build specialization (cloud forensics, memory, network, malware triage).

Work Schedule and Environment

  • May require after-hours availability and participation in an on-call rotation, including serving as an escalation point.
  • This role requires calm leadership during high-severity events and management of multiple concurrent investigations.

Required Qualifications

  • 4–7+ years of experience in DFIR, incident response, threat detection, or digital forensics roles.
  • Demonstrated experience leading complex investigations and coordinating response actions with technical and business stakeholders.
  • Strong proficiency with SIEM/EDR platforms and forensic tooling; ability to acquire, analyze, and interpret evidence across systems.
  • Strong knowledge of incident handling lifecycle and forensic best practices, including chain-of-custody and defensible reporting.
  • Strong analytical and problem-solving skills with the ability to handle complex, multi-layered incidents.
  • Excellent written and verbal communication skills; ability to brief technical and non-technical audiences.
  • Ability to lead and mentor junior team members, fostering a culture of knowledge sharing and collaboration.
  • Relevant certifications (one or more): GCIH, GCFA, GCFE, GNFA, CCDL2, SBTL2, CISSP (or equivalent).

Preferred Qualifications

  • Cloud DFIR experience (Microsoft 365/Azure, AWS): audit logs, identity investigations, mailbox and file activity analysis.
  • Network forensics experience (pcap analysis, proxy/firewall logs) and/or malware triage experience.
  • Experience improving detection content and automation based on DFIR learnings.
  • Familiarity with regulatory compliance requirements, such as GDPR, HIPAA, and PCI-DSS, and experience in implementing security controls for compliance.

Core Competencies

  • Technical leadership and ownership mindset
  • Structured investigation methodology and attention to detail
  • Stakeholder communication and customer empathy
  • Operational excellence (prioritization, documentation, follow-through)

WHAT WE OFFER

  • Competitive salary depending on skills and experience.
  • PTO and 8 Paid Holidays.
  • Employer-paid Health and Dental Insurance for CA employees.
  • Great opportunities for career advancement
  • 401k with employer matching
  • Disability and Life Insurance

          Top Skills

          AWS
          Azure
          EDR
          Forensic Tooling
          Microsoft 365
          SIEM
