
Digital forensics and incident response analyst

Southampton
Pen Test Partners
Analyst
Posted: 5h ago
Offer description

Job Overview:


We are seeking a DFIR Analyst to join our team, leveraging their technical expertise and investigative mindset to support forensic investigations and incident response engagements. The ideal candidate will have a methodical approach to problem-solving, ensuring investigations are thoroughly documented and findings are communicated effectively to both technical and non-technical stakeholders.

This role requires experience with CrowdStrike, Magnet Axiom, SIFT Workstations, scripting, artefact tools such as EZTools and parsers, and AWS, along with strong foundational technical skills in systems administration and networking. The successful candidate should be comfortable translating forensic requirements and guiding clients through incident triage and response strategies.


Key Responsibilities:

* Conduct digital forensic investigations across endpoint, network, and cloud environments.
* Perform incident response investigations, working across multiple environments, including on-premises and cloud-based infrastructures (AWS & Azure).
* Utilise CrowdStrike, Magnet Axiom, X-Ways, and SIFT Workstations to collect and analyse forensic evidence.
* Develop and script tooling for the task at hand.
* Support forensic and incident response engagements by documenting findings, writing detailed reports, and delivering presentations to both technical and non-technical stakeholders.
* Work closely with clients to understand their forensic and security requirements, translating them into actionable investigation strategies.
* Develop and refine forensic methodologies and procedures to ensure consistent, high-quality investigations.
* Provide guidance and best practices on forensic readiness and security incident management.
* Collaborate with threat intelligence teams to correlate forensic findings with threat actor tactics, techniques, and procedures (TTPs).
* Conduct compromise assessments and proactive threat hunting using forensic tools and log analysis.
* Assist in the triage and scoping of incidents, working directly with clients and our client account management team to define investigative priorities.
* Support cloud forensics investigations, ensuring the correct collection, handling, and analysis of digital evidence in AWS and Azure environments.


Key Skills & Experience:

* Proven experience in DFIR, with hands-on expertise in forensic analysis, incident response, and threat investigations, ideally in a consultancy capacity.
* Technical background (e.g., previous experience as a systems or network administrator) with a solid understanding of operating systems, networking, and security architectures.
* Strong knowledge of AWS and Azure security architectures, including how to perform forensic investigations in cloud environments.
* Experience with log analysis, endpoint forensics, and memory forensics.
* Strong analytical and problem-solving skills, with a methodical and detail-oriented approach to investigations.
* Excellent documentation and reporting skills, ensuring investigation findings are communicated clearly and accurately.
* Ability to translate complex forensic concepts into client-friendly language, supporting engagement with both technical and executive stakeholders.
* Experience with forensic data preservation, chain of custody, and evidential procedures.
* Familiarity with threat intelligence frameworks (MITRE ATT&CK, TTP mapping, IOC development).
* Certifications such as GCFA, GCIH, CISSP, AWS Security Specialty, Azure Security Engineer, or equivalent are desirable.
* Offensive certifications are an advantage.


Who You Are:

* A methodical thinker with a structured approach to forensic investigations.
* Comfortable delivering training and talks internally, to clients, and publicly.
* A strong communicator, capable of presenting complex findings in a clear and concise manner.
* Keen on research and writing blog content for the PTP blog site.
* Self-starter with the ability to work independently and take ownership of tasks.
* Able to work with minimal supervision and drive projects forward proactively.
* Comfortable working autonomously and making decisions, resolving issues within agreed frameworks.
* Able to deliver engaging DFIR presentations to prospective clients and collaborate with sales teams to develop proposals and support business development efforts.
* Excellent time management and the ability to accurately track hours and days worked in Salesforce while forecasting workload and planning ahead.
* Demonstrates initiative and a proactive approach to problem solving.
* Thrives in a fast-paced environment without requiring close supervision.
* Proactive self-starter with strong problem-solving skills, able to work independently, take ownership of tasks, and drive results with minimal supervision.
* Someone with a passion for cybersecurity, eager to stay ahead of emerging threats and forensic techniques.


If you are a technical, detail-oriented DFIR professional with experience in on-prem and cloud forensics, we’d love to hear from you!


Current benefits include:

* Competitive salary based on experience
* 25 days holiday + 8 bank holidays
* Private Medical Insurance and Healthcare Benefit opt in on completion of probation
* Life insurance cover
* Group personal pension
* Financing available for training and conference attendance
* EV lease salary sacrifice scheme on completion of probation
* An environment where you can flourish, learn, and grow, as a person not just as an employee

© 2025 Jobijoba - All Rights Reserved
