Senior Digital Forensics & Incident Response (DFIR) Analyst at Cyber Advisors | Torre

You'll lead complex DFIR investigations, mentor analysts, and fortify defenses against evolving cyber threats.
Employment type: Full-time
Legal agreement: Employment
Compensation: USD 120k - 150k/year
Location: Remote (for United States residents)
Shared by Emma of Torre.ai, about 1 month ago

Requirements and responsibilities


Position Summary

The Senior DFIR Analyst is a technical lead responsible for complex incident investigations, advanced forensic analysis, incident coordination, and continuous improvement of DFIR playbooks, tooling, and reporting standards. This role serves as a primary escalation point during major incidents, mentors DFIR Analysts, and partners with SOC leadership, Offensive Security, and engineering to reduce investigative friction and improve organizational readiness.

Key Responsibilities

- Lead complex DFIR investigations end-to-end: scope, evidence strategy, analysis, and findings validation across endpoint, identity, cloud, and network telemetry.
- Perform advanced forensic analysis (disk, memory, cloud artifacts), including timeline construction, persistence discovery, credential access signals, and data access/exfiltration assessment.
- Conduct root cause analysis to determine the TTPs (Tactics, Techniques, and Procedures) used by threat actors and propose measures to prevent similar incidents in the future.
- Serve as incident lead or deputy lead for major incidents: coordinate containment, eradication, and recovery with stakeholders and ensure evidence is preserved while response actions proceed.
- Produce high-quality incident reports: executive summary, technical narrative, timeline, root cause, and prioritized remediation recommendations.
- Own and improve DFIR playbooks, evidence collection checklists, and case documentation standards; conduct quality reviews and coaching.
- Design and implement analysis automation (scripts, parsers, Velociraptor/KAPE artifacts, SOAR integrations) to reduce time-to-triage and improve consistency.
- Support threat hunting and detection improvement by translating DFIR findings and Offensive Security TTPs into detection opportunities and telemetry requirements.
- Mentor DFIR Analysts through case reviews, technical sessions, and training plans; help build specialization (cloud forensics, memory, network, malware triage).

Work Schedule and Environment

May require after-hours availability and participation in an on-call rotation, including serving as an escalation point. This role requires calm leadership during high-severity events and management of multiple concurrent investigations.

Required Qualifications

- 4–7+ years of experience in DFIR, incident response, threat detection, or digital forensics roles.
- Demonstrated experience leading complex investigations and coordinating response actions with technical and business stakeholders.
- Strong proficiency with SIEM/EDR platforms and forensic tooling; ability to acquire, analyze, and interpret evidence across systems.
- Strong knowledge of the incident handling lifecycle and forensic best practices, including chain of custody and defensible reporting.
- Strong analytical and problem-solving skills with the ability to handle complex, multi-layered incidents.
- Excellent written and verbal communication skills; ability to brief technical and non-technical audiences.
- Ability to lead and mentor junior team members, fostering a culture of knowledge sharing and collaboration.
- Relevant certifications (one or more): GCIH, GCFA, GCFE, GNFA, CCDL2, SBTL2, CISSP (or equivalent).

Preferred Qualifications

- Cloud DFIR experience (Microsoft 365/Azure, AWS): audit logs, identity investigations, mailbox and file activity analysis.
- Network forensics experience (pcap analysis, proxy/firewall logs) and/or malware triage experience.
- Experience improving detection content and automation based on DFIR learnings.
- Familiarity with regulatory compliance requirements, such as GDPR, HIPAA, and PCI-DSS, and experience implementing security controls for compliance.

Core Competencies

- Technical leadership and ownership mindset
- Structured investigation methodology and attention to detail
- Stakeholder communication and customer empathy
- Operational excellence (prioritization, documentation, follow-through)

What we offer

- Competitive salary depending on skills and experience.
- PTO and 8 paid holidays.
- Employer-paid health and dental insurance for CA employees.
- Great opportunities for career advancement.
- 401k with employer matching.
- Disability and life insurance.

About Cyber Advisors

Cyber Advisors (CA) is headquartered in Maple Grove, MN. CA is a steadily growing cybersecurity and IT managed services provider (MSP) that specializes in a customer-focused approach to designing, managing, and maintaining customers' IT environments.