Digital Forensics Specialist
Location: Cheltenham,Gloucestershire (hybrid working)
We’re seeking a highly skilledDigital Forensics Specialist to join our Cyber Incident Response Team. Inthis pivotal role, you will lead forensic acquisition, analysis, and evidencepreservation across endpoint, cloud, identity, and network environments. You’llplay a critical part in high-severity incident response investigations,providing deep technical expertise, uncovering attacker activity, andstrengthening the organisation’s overall forensic readiness.
If you thrive in complexinvestigations, excel at uncovering the truth hidden in digital artifacts, andenjoy working in a fast-paced cyber defence environment - this role is for you.
Key Responsibilities:
* Conduct forensic acquisition andanalysis across: Windows, Linux, and macOS endpoints, Cloud environments(e.g., M365, Azure), Email systems and mobile devices.
* Collect and preserve evidencefollowing chain-of-custody and legal standards.
* Perform disk, filesystem, and memoryforensics including: Process analysis, persistence identification, malwareprocess tree investigation, registry and artifact analysis, and timelinereconstruction.
* Support all phases of incidentresponse, from detection through post-incident review.
* Provide expert forensic insight duringhigh-severity cyber incidents.
* Analyse endpoint and cloud telemetryto determine root cause, attack paths, and impact.
* Document clear, defensible forensicreports and investigation summaries.
* Identify malicious scripts, binaries,macros, and LOLBin activity.
* Collaborate with threat intelligenceteams to map findings to known campaigns or malware families.
* Recommend detection improvements anddevelop SIEM/XDR analytics based on forensic findings.
* Build KQL-based hunting queries toidentify hidden or emerging threats.
* Contribute to IR playbooks and broaderforensic readiness initiatives.
Experience Required:
* 5+ years hands-onexperience in digital forensics or incident response.
* Proven forensic acquisition andanalysis experience in enterprise environments.
* Strong background in cloud forensics(M365/Azure preferred).
* Experience building timelines fromdiverse data sources (endpoint, cloud, email, network).
* Practical knowledge of industry toolsand frameworks such as: KAPE, Velociraptor, Autopsy, EnCase, FTK,Cellebrite, Magnet Axiom, Volatility/memory forensics tools, and SysinternalsSuite (Autoruns, Procmon, PsTools).
Qualifications & Skills:
* Bachelor’s degree in Cybersecurity,Digital Forensics, Computer Science, or related field (or equivalentexperience).
* Preferred certifications include: GIACGCFA, GREM, GDAT, GCIH, GCIA, Microsoft SC-200, SC-300, AZ-500, and CHFI,CFCE, or equivalent DFIR credentials.
* Strong understanding of: Diskstructures, registry hives, OS and browser artifacts, attacker TTPs mappedto MITRE ATT&CK, and windows artifacts such as Event Logs, Prefetch,Shimcache, Amcache, MFT, USN Journal.
* Proficiency in memory forensics usingVolatility or equivalent tools.
* Ability to identify persistence,privilege escalation, lateral movement, and malicious execution chains.
Experience analysing M365 indicators(MailItemsAccessed, mailbox rules, token misuse, OAuth abuse, anomalousmessaging).
* Ability to pivot across investigativedata sources including: Defender XDR, Unified Audit Logs (UAL), Graph API,Microsoft Sentinel
Spirax Group is a FTSE100 and FTSE4Good multi-national industrial engineering Group with expertise in the control and management of steam, electric thermal solutions, peristaltic pumping and associated fluid technologies.
Our Purpose is to create sustainable value for all our stakeholders as we engineer a more efficient, safer and sustainable world. Our technologies play an essential role in critical industrial processes and industrial equipment across industries as diverse as Food & Beverage, Pharmaceutical & Biotechnology, Power Generation, Semiconductors and Healthcare. With customers in 165 countries, we provide the solutions that sit behind the production of many items used in daily life, from baked beans to mobile phones!
Our Purpose, supported by our inclusive culture and Values, unites us, guides our decisions and inspires us everywhere that we operate. We support our colleagues to make their difference for each other as well as customers, communities, suppliers, our planet and shareholders by creating a truly equitable working environment where everyone feels included.
Benefits
You will receive a competitive salary (and a discretionary bonus), flexible working and excellent benefits including 27 days holiday allowance (before bank holidays), 3 days’ paid volunteering leave, comprehensive private healthcare, enhanced pension plan, life assurance, optional participation in a Share Ownership Plan, free onsite parking, flexible benefits, and access to a personal discounts’ portal. We also offer a range of additional support and benefits through our Everyone is Included Group Inclusion Plan, detailed below.
Everyone is Included at Spirax Group
We are passionate about creating inclusive and equitable working cultures where everyone can be themselves and achieve their full potential. For us, that means supportive teams and strong relationships where everyone’s contribution is valued - across social and cultural backgrounds, ethnicities, ages, genders, gender identities, abilities, neurodiversity, sexual orientation, religious beliefs, and everything else that makes us human and unique.
We want everyone to be able to make their difference here, so we will always consider requests for flexible working.
We know that everyone needs some extra help from time to time too, so we have introduced a range of additional benefits through our Group Inclusion Commitments. These include gender-neutral parental leave, 15 days of extra paid caregiver leave, paid time off and support for anyone experiencing pregnancy loss or domestic abuse, menopause-friendly workplace principles and more. Learn more atwww.spiraxgroup.com/en/life-at-spirax/our-inclusive-group/our-inclusion-commitments.
We are also a Disability Confident Committed Employer. If you would like to apply using this scheme, please select this option in our application form or notify our recruitment partners.
#J-18808-Ljbffr