
Digital Forensics & Incident Response Analyst

100% Remote Full-time Open now

Job Summary

The Digital Forensics & Incident Response Analyst is responsible for delivering the Incident Response Services offered by Fortified Health Security, which include Digital Forensics and Incident Response (DFIR) and IR Maturity Services. This position requires availability to work extended hours (including nights, weekends, and holidays) during active incidents to support emergency situations. The analyst must be available to answer calls and join bridge calls at any time.

Core responsibilities include conducting deep-dive forensic investigations, analyzing logs and malware, reconstructing attack timelines, and producing detailed reports for stakeholders and legal teams. The analyst will also perform root cause analysis and threat hunting, and apply incident response and forensic best practices to define follow-up actions and provide actionable recommendations. In addition, the analyst provides technical support and advisory services for cybersecurity incidents, contributing to all phases of incident response, including analysis, containment, eradication, and recovery, to help restore client operations.

The role requires thorough documentation of all incident activities and regular status reporting to the Manager, Incident Response Services, in alignment with established policies, procedures, and standards. The analyst must demonstrate Fortified’s core values in all interactions and maintain a high level of professionalism, communication, and tact. When not actively engaged in incidents, the analyst will work with clients in Fortified’s IR Retainer program, requiring a strong understanding of incident response plans, stakeholder roles, and processes, as well as diligent documentation, reporting improvement opportunities, and effective consultation and communication.

Essential Job Functions

The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.

  • Work collaboratively with various Fortified team members and clients.
  • Execution and delivery of Incident Response services and compromise assessments.
  • Delivery of findings (formal report, notes, presentation, and appendices) to client.
  • Possess and maintain the skills and familiarity with tools necessary for the performance of threat hunting, incident response, evidence collection/handling, forensic analysis, and remediation to comprehensively respond to and recover from an incident.
  • Conduct RCA (root cause analysis).
  • Conduct Digital Forensics on an Incident.
  • Conduct threat hunting during an incident or compromise assessment.
  • Maintain awareness of various technologies and domain industry knowledge.
  • Use various Security Operations Center and Vulnerability management tools to conduct Incident Response.
  • Maintain currency of existing, and pursue relevant, industry or professional certifications and training.
  • Knowledge and familiarity with Incident Response plans and Incident Response Handling.
  • Assist in the detection, analysis, containment, eradication, and recovery of cybersecurity incident projects and contribute to the lessons learned/preparation processes.
  • Work effectively in a small team environment with ability to communicate effectively and efficiently.
  • Define service delivery platforms/tools based on client needs, cost, ability to integrate with existing network infrastructure and security implementations.
  • Orchestrate multiple incident response projects from start to finish.
  • Accurately enter and submit time by required deadlines, and supervise team members to do the same.
  • Books travel in adherence to the company/client travel policy.
  • Maintains documentation regarding customer interactions and detailed notes pertaining to actions taken during an assigned project.
  • Maintain and update the Fortified Services Methodology and other department documentation.
  • Maintain familiarity with Fortified Core Services and make appropriate recommendations to clients based on those offerings.
  • Attend and participate in team and departmental meetings as needed.

Knowledge & Skills

Education & Experience

  • Bachelor's Degree in Computer Science, Information System Management, or other relevant combination of training and experience.
  • 4+ years of proven work experience in an Incident Response related field.
  • Healthcare IT, Financial or Retail experience a plus.
  • Understanding of digital forensics and eDiscovery a plus.
  • Solid understanding of hardware and networking terminology and devices.

Special Skills & Knowledge

  • Understanding of and familiarity with EDR and forensic technologies, e.g., Cybereason, CrowdStrike, SentinelOne, FTK Imager, Velociraptor, Magnet Axiom, etc.
  • Familiarization with scripting and automation via PowerShell, command line, bash, etc.
  • Experience with network security and threat hunting.
  • Thorough understanding of the latest security principles, techniques, and protocols.
  • Familiarity with policy development, planning, and documentation.
  • Ability to work and communicate with clients, third-party system vendors, and other departments in an effective, positive, and professional manner.
  • Must possess a level of professionalism and diplomacy that will serve to build and maintain relationships throughout the course of an assigned project and beyond.
  • Excellent interpersonal skills that include the ability to effectively communicate verbally and in writing.
  • Resourcefulness and the ability to take the initiative in the development and completion of work projects.
  • Must possess and have proven problem resolution / critical thinking skills.
  • Must be flexible and work with a high level of initiative.
  • Ability to retain and protect confidential material.
  • Ability to demonstrate supportive relationships with peers, clients, partners, and corporate executives.

Licenses, Certifications, etc.

  • Relevant security certifications (e.g., E|CIH, GCIH, IHRP, CSIH, GCFA/GCFE, etc.)
  • Other desired technology certifications (e.g., CISSP, CISM, MCSE, CCNA, etc.)

Requirements

Supervisory Responsibility

  • N/A

Working Conditions & Travel Requirements

  • Evening and weekend hours should be anticipated.
  • Travel as needed.

Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
