1,809 Digital Forensics Analyst jobs in the United States

Latham & Watkins is a global law firm consistently ranked among the top firms in the world. The success of our firm is largely determined by our commitment to hire and develop the very best and brightest, creating a team that provides our clients with the highest quality of work and service. We are driven by our core values: respect, innovation, and collaboration.

The Information Governance Digital Forensics Analyst II is an integral part of Latham's Information Governance/Technical Services team. This role will be responsible for managing and ensuring the integrity, security, and accessibility of information across various platforms, while ensuring the integrity and authenticity of electronic data by preserving it in its original form for legal and investigative purposes. This role will be located in our Global Services Office in Downtown Los Angeles. Please note that this role may be eligible for a flexible working schedule that allows for a hybrid and in-office presence.

Other key responsibilities include:

• Efficiently collecting electronic data from various sources, including on-premises servers and cloud-based systems, while adhering to legal and organizational standards
• Collaborating with teams to provide necessary data for legal holds, litigation holds, subpoenas, and other legal processes, ensuring timely and accurate data delivery
• Maintaining detailed records of data collection and preservation activities, as well as preparing comprehensive reports for legal and investigative teams
• Working closely with legal, technical, and other relevant teams to ensure efficient and effective data management and support
• Promoting effective work practices, working collaboratively as a team member, and showing respect for co-workers to foster a positive and productive work environment
• Protecting and maintaining any highly sensitive, confidential, privileged, financial, and/or proprietary information that Latham & Watkins retains

We'd love to hear from you if you:

• Exhibit proficiency in using digital forensics tools such as X-Ways, Nuix Workstation, Axiom, Purview, and FTK for data collection, analysis, and reporting
• Possess a strong understanding of techniques for preserving and collecting electronic data while maintaining its integrity and authenticity
• Demonstrate the ability to analyze complex data sets and draw meaningful conclusions to support investigative processes

And have:

• Relevant certification/s or degree; a minimum of five (5) years of relevant experience may be considered in lieu of certifications/ degree
• A minimum of three (3) years of IT experience

Successful candidates will not only be provided with an outstanding career opportunity and welcoming environment, but will also be provided with a generous total compensation package with bonuses awarded in recognition of both individual and firm performance. Eligible employees can participate in Latham's comprehensive benefit program which includes:

• Healthcare, life and disability insurance
• A generous 401k plan
• At least 11 paid holidays per year, and a PTO program that accrues 23 days during the first year of employment and grows with tenure
• Well-being programs (e.g. mental health services, mindfulness and resiliency, medical resources, well-being events, and more)
• Professional development programs
• Employee discounts
• Affinity groups, networks, and coalitions for lawyers and staff

Latham & Watkins is an equal opportunity employer. The Firm prohibits discrimination against any employee or applicant for employment on the basis of race (including, but not limited to, hair texture and protective hairstyles), color, religion, sex, age, national origin, sexual orientation, gender identity, veteran status (including veterans of the Vietnam era), gender expression, marital status, or any other characteristic or condition protected by applicable statute.

Latham & Watkins LLP will consider qualified applicants with criminal histories in a manner consistent with the City of Los Angeles Fair Chance Initiative for Hiring Ordinance (FCIHO). Please click the link below to review the Ordinance.

Please click here to review your rights under U.S. employment laws. #Associate

USD $105,000.00 - USD $125,000.00 /Yr.

This is a remote role that may be hired in several markets across the United States.

As a Senior Incident Response Analyst, you'll be a member of the bank's Cyber Incident Response team. We are looking for an experienced senior level analyst with proven skillsets to detect and respond to threats in the environment, interact with business stakeholders and work to restore operations. This is a technical role and will support the Threat Hunting, Intelligence, and Monitoring functions with content creation, threat analysis, detection recommendations, and colleague mentoring. Seeking a candidate with strong communication skills to complement their technical skillset providing the ability to distill down complex issues for broader understanding expedited incident management.

• Incident Analyst/handler -investigate SIEM/SOAR events as necessary; bring experience in malware analysis, network/endpoint security to respond to and contain incidents.

• Incident Responder/Incident Lead - Lead Incidents, coordinating the investigation, mitigation, and remediation from a technical perspective. Liaise with technical and business stakeholders.

• Incident Management - Ensures Information Security incidents are properly detected, documented, investigated, and resolved.

• Content Development - Support the creation of countermeasures and mitigations in response to an incident.

• Threat Hunting - Support the operational driven inputs (eg. on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to address commodity and targeted threats. Also build a capability to track evolving threat actor techniques.

• Post Incident Review - Provide recommendations to improve communication, processes, procedures, and mitigation options based on high severity incidents.

Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security

• Experience with all aspects of Incident response including stakeholder management.

• Familiarity with MITRE ATT&CK and its application to countermeasure creation is a plus.

• Support the build out of a proactive threat hunting capability.

• Experience analyzing/dispositioning and escalating security events (systems, application, network, authentication email events)

• Experience translating threat actor techniques to building mitigations across a variety of security technologies. This could take the form of Yara, Sigma or Regular Expressions.

• Ability to define security requirements and drive project deliverables.

• Ability to keep track of multiple incidents and ensure responses are provided in a timely fashion.

• Experience responding to cloud-related incidents in Azure, AWS and Google cloud.
• Cloud administrative experience preferred.
• Cyber Incident Response experience - 3+ years required in which your primary job was an Incident Response role.

• This role requires participation in the afterhours on call rotation. Rotations will cycle on a weekly basis.

The base pay for this position is generally between $140,000 and $188,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at

This is a remote role that may be hired in several markets across the United States.

As a Senior Incident Response Analyst, you'll be a member of the bank's Cyber Incident Response team. We are looking for an experienced senior level analyst with proven skillsets to detect and respond to threats in the environment, interact with business stakeholders and work to restore operations. This is a technical role and will support the Threat Hunting, Intelligence, and Monitoring functions with content creation, threat analysis, detection recommendations, and colleague mentoring. Seeking a candidate with strong communication skills to complement their technical skillset providing the ability to distill down complex issues for broader understanding expedited incident management.

• Incident Analyst/handler -investigate SIEM/SOAR events as necessary; bring experience in malware analysis, network/endpoint security to respond to and contain incidents.

• Incident Responder/Incident Lead - Lead Incidents, coordinating the investigation, mitigation, and remediation from a technical perspective. Liaise with technical and business stakeholders.

• Incident Management - Ensures Information Security incidents are properly detected, documented, investigated, and resolved.

• Content Development - Support the creation of countermeasures and mitigations in response to an incident.

• Threat Hunting - Support the operational driven inputs (eg. on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to address commodity and targeted threats. Also build a capability to track evolving threat actor techniques.

• Post Incident Review - Provide recommendations to improve communication, processes, procedures, and mitigation options based on high severity incidents.

Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security

• Experience with all aspects of Incident response including stakeholder management.

• Familiarity with MITRE ATT&CK and its application to countermeasure creation is a plus.

• Support the build out of a proactive threat hunting capability.

• Experience analyzing/dispositioning and escalating security events (systems, application, network, authentication email events)

• Experience translating threat actor techniques to building mitigations across a variety of security technologies. This could take the form of Yara, Sigma or Regular Expressions.

• Ability to define security requirements and drive project deliverables.

• Ability to keep track of multiple incidents and ensure responses are provided in a timely fashion.

• Experience responding to cloud-related incidents in Azure, AWS and Google cloud.
• Cloud administrative experience preferred.
• Cyber Incident Response experience - 3+ years required in which your primary job was an Incident Response role.

• This role requires participation in the afterhours on call rotation. Rotations will cycle on a weekly basis.

The base pay for this position is generally between $140,000 and $188,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at

• Lead and conduct advanced investigations into security incidents using EDR, Network traffic analysis, and Forensic tools.
• Perform root cause analysis and develop mitigation strategies for complex cyber threats, including APTs, malware outbreaks, insider threats, ransomware, encryption, data exfil activities and others.
• Act as a technical escalation point during major security incidents, providing in-depth knowledge of tools, techniques, and procedures (TTPs) used by threat actors.
• Conduct deep dive investigations and threat hunting activities to detect and respond to anomalies and early indicators of compromise (IOCs), using EDRs products. (Mostly MS Defender).
• Perform memory, disk, and log forensics using tools such as Volatility, Autopsy, and Windows/Linux forensic utilities.
• Develop and refine incident response runbooks, playbooks, and standard operating procedures (SOPs).
• Contribute with IR Partners by leveraging offensive and threat hunting security knowledge.
• Assist with post-incident reviews and lessons learned to improve detection and response strategies.
• Mentor junior IR analysts.
• Stay current with the threat landscape, emerging attack techniques, and relevant security technologies.

• Experience: Minimum 5+ years in a dedicated Incident Response or Security Operations role, with hands-on investigative experience using advanced EDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, etc.).
• Technical Security Skills:
• Defensive: Malware analysis, memory forensics, log analysis, endpoint and network triage.
• Offensive: Understanding of exploitation techniques, red teaming, vulnerability assessment, and attack simulations.
• Certifications: One or more of the following is required or highly preferred:
• GIAC GCFA / GCIA / GCIH / GNFA
• OSCP / OSCE / GPEN
• Microsoft SC-200 / MS Defender-specific certifications
• OWASP or web application security certifications
• Networking and Systems Expertise:
• Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.)
• Proficiency in analyzing packet captures and netflow data (e.g., Wireshark, Zeek)
• Deep understanding of Windows, Linux, and cloud environments (AWS, Azure)
• Knowledge of IR Frameworks: NIST 800-61, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain.
• Scripting and Automation: Python, PowerShell, Bash, or equivalent scripting languages for automating investigation and response tasks.

• We are client obsessed.
• We stand in solidarity with our teammates.
• We prioritize personal health and well-being.
• We believe in the power of diversity.
• We solve hard problems at the speed of cyber.

• Understanding and following DeepSeas's information security policies and procedures.
• Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas's information security.
• Actively participating in DeepSeas's efforts to maintain and improve information security.
• DeepSeas considers this position is as Moderate Risk with a potential to view/access/download restricted/private client/internal data. This information must be treated with Sensitivity and in the most secure manner. HR reserves the right to perform random background/drug Screens to ensure the safety of client/DeepSeas data

Job DescriptionJob Description

Cyber Security Analyst, Operations Watch Incident Response Analyst 
North Charleston, SC 
Minimum Secret to Start, requires TS SCI 

Position Description
As an Operations Watch Analyst, you will isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of sources and locations. The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to satisfy the Chairman of the Joint Chiefs of Staff Manual (CJCSM) B reporting requirements.

Position Requirements and Duties
•   Maintains familiarity with CJCSM B.
•   Compiles and maintains internal standard operating procedure (SOP) documentation.
•   Ensures associated documentation and capabilities remain compliant with CJCSM B and other applicable policy directives.
•   Provides network intrusion detection and monitoring, correlation analysis, incident response and support for the Cybersecurity Service Provider (CSSP) and its subscriber sites.
•   Validates suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.
•   Coordinates with JFHQ-DoDIN and supported entities regarding significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is completed.
•   Provides 24x7 support for the CSSP’s Incident Response capability during non-core business hours consistent with CSSP requirements as needed.
•   Performs network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents.
•   Possesses working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.).
•   Explores patterns in network and system activity via log correlation using Splunk and supplemental tools
•   Possesses understanding of IDS/IPS solutions to include signature development and implementation
•   Participates in program reviews, product evaluations, and onsite certification evaluations.
•   Overtime may be required as needed to support incident response actions (Surge)
•   Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CSSP Services Director and/or assigned manager.
•   This position requires a shift of four (4) ten-hour days per week, which includes one weekend day. Example schedules may include Wednesday to Saturday or Sunday to Wednesday.

Minimum Qualifications
•   US
•   Bachelor’s degree in a relevant discipline OR at least three years of directly relevant experience, preferably in  a DoD environment.
•   Up to 15% global travel may be required; emergency travel may be required with 72-hour notice for incident response and to support other program needs.

Qualifications
•   At least five years of incident response experience
•   The ability to solve problems independently
•   Knowledge of Incident Response Procedures
•   Knowledge of Packet Analysis
•   Knowledge of IDS/IPS solutions
•   Familiarity with various Host-Based Tool
•   Experience with Log Aggregation Tools
•   Logical thinking and analytical ability
•   Verbal and written communication ability
•   Highly Desired Skills
•   Knowledge of CJCSM B
•   Experience with Digital Forensics
•   The ability to solve problems independently

Required Certifications
•   IATII and CSSP Compliant Certifications

Company Overview

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. Leveraging advanced threat assessment technology and experience in building high-level information security infrastructure, we develop adaptive solutions uniquely tailored to our customers’ business objectives to protect sensitive data against sophisticated threats in an increasingly complex security environment.

Summary of Benefits

• Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
• 401k Retirement Plan with Matching Contribution is immediately available and vested.
• Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
• Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
• Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.

Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities.

Adapt Forward’s Veteran/ Affirmative Action Plan narrative section is available for inspection upon request during normal business hours at the Human Resources office and may be requested by contacting Human Resources at

Powered by JazzHR

hoKID0KbIo

Cyber Security Analyst, Operations Watch Incident Response Analyst 

North Charleston, SC 

Minimum Secret to Start, requires TS SCI 

Position Description

As an Operations Watch Analyst, you will isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of sources and locations. The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to satisfy the Chairman of the Joint Chiefs of Staff Manual (CJCSM) B reporting requirements.

Position Requirements and Duties

•   Maintains familiarity with CJCSM B.

•   Compiles and maintains internal standard operating procedure (SOP) documentation.

•   Ensures associated documentation and capabilities remain compliant with CJCSM B and other applicable policy directives.

•   Provides network intrusion detection and monitoring, correlation analysis, incident response and support for the Cybersecurity Service Provider (CSSP) and its subscriber sites.

•   Validates suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.

•   Coordinates with JFHQ-DoDIN and supported entities regarding significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is completed.

•   Provides 24x7 support for the CSSP’s Incident Response capability during non-core business hours consistent with CSSP requirements as needed.

•   Performs network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents.

•   Possesses working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.).

•   Explores patterns in network and system activity via log correlation using Splunk and supplemental tools

•   Possesses understanding of IDS/IPS solutions to include signature development and implementation

•   Participates in program reviews, product evaluations, and onsite certification evaluations.

•   Overtime may be required as needed to support incident response actions (Surge)

•   Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CSSP Services Director and/or assigned manager.

•   This position requires a shift of four (4) ten-hour days per week, which includes one weekend day. Example schedules may include Wednesday to Saturday or Sunday to Wednesday.

Minimum Qualifications

•   US Citizen

•   Bachelor’s degree in a relevant discipline OR at least three years of directly relevant experience, preferably in  a DoD environment.

•   Up to 15% global travel may be required; emergency travel may be required with 72-hour notice for incident response and to support other program needs.

Preferred Qualifications

•   At least five years of incident response experience

•   The ability to solve problems independently

•   Knowledge of Incident Response Procedures

•   Knowledge of Packet Analysis

•   Knowledge of IDS/IPS solutions

•   Familiarity with various Host-Based Tool

•   Experience with Log Aggregation Tools

•   Logical thinking and analytical ability

•   Verbal and written communication ability

•   Highly Desired Skills

•   Knowledge of CJCSM B

•   Experience with Digital Forensics

•   The ability to solve problems independently

Required Certifications

•   IATII and CSSP Compliant Certifications

Company Overview

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. Leveraging advanced threat assessment technology and experience in building high-level information security infrastructure, we develop adaptive solutions uniquely tailored to our customers’ business objectives to protect sensitive data against sophisticated threats in an increasingly complex security environment.

Summary of Benefits

• Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.

• 401k Retirement Plan with Matching Contribution is immediately available and vested.

• Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.

• Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.

• Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.

Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities.

Adapt Forward’s Veteran/Disability Affirmative Action Plan narrative section is available for inspection upon request during normal business hours at the Human Resources office and may be requested by contacting Human Resources at

Powered by JazzHR

This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.
• *What you'll be doing**

+ Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determining scope, urgency and potential impact.

+ Document incidents from initial detection through final resolution.

+ Perform incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.

+ Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.

+ Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents

+ Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

+ Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.

+ Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.

+ Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.
• *What we’re looking for**

+ 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR opensource tools (Ex. Kape, Plaso Log2Timeline, Autopsy, etc.)

+ 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.

+ 4 Year/Bachelor's degree or equivalent work experience

#DICE
• *What’s it like to work here?**

At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.
• *What’s in it for you:**

+ Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes

+ Leadership development and virtual training opportunities

+ PTO/parental leave

+ Competitive 401K and employee benefits ( Free financial counseling, health coaching and employee assistance program

+ Tuition assistance program

+ Work arrangements that work for you

+ Effective productivity/technology tools and training