EY
Cyber Triage and Forensic Senior Analyst – Join EY to help protect our clients and the EY brand through expert incident response and digital forensic analysis.
Opportunity
The Cyber Triage and Forensic (CTF) Incident Analyst will serve as a senior technical team member, acting as an escalation point for suspected or confirmed security incidents. Responsibilities include performing digital forensic analysis, following security incident response methodologies, analyzing malware, identifying indicators of compromise, supporting or coordinating remediation efforts, and developing documentation to support the security incident response process.

Key Responsibilities
- Investigate, coordinate, resolve, and report on security incidents as they arise.
- Forensically analyze end-user systems and servers with potential indicators of compromise.
- Analyze artifacts collected during a security incident or forensic investigation.
- Identify security incidents through hunting operations within SIEM, EDR, and other tools.
- Interface with server owners, system custodians, and IT contacts to pursue incident response activities, including access acquisition, artifact collection, containment, and remediation.
- Provide consultation and assessment on perceived security threats.
- Maintain, manage, improve, and update incident response processes and protocol documentation.
- Provide regular reporting and metrics on case work.
- Resolve incidents by identifying root cause and recommending solutions.
- Develop fact-based investigative reports.
- Be on-call to deliver global incident response.

Skills and Attributes
- Resolution of security incidents by identifying root cause and solutions.
- Document findings in investigative reports.
- Demonstrated integrity and judgment in a professional environment.
- Ability to balance work and personal priorities.
- Bachelor's or Master's Degree in Computer Science, Information Systems, Engineering, or a related field.
- 7+ years of experience in incident response, computer forensics analysis, and/or malware reverse engineering.
- Understanding of security threats, vulnerabilities, and incident response.
- Knowledge of electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensic handling of electronic data, computer security investigative processes, and malware identification and analysis.
- Familiarity with legalities surrounding electronic discovery and analysis.
- Experience with EDR and SIEM technologies (e.g., Splunk).
- Deep understanding of Windows and Unix/Linux operating systems.

Preferred Qualifications
- Professional certifications such as GCFE, GCFA, or GREM.
- Experience in security incident response in cloud environments, such as Azure.
- Programming skills in PowerShell, Python and/or C/C++.
- Understanding of best security practices for network architecture and server configuration.

What We Look For
- Integrity and professionalism.
- Independent work capability.
- Global mindset and cultural adaptability.
- Knowledgeable in industry standard incident response processes, procedures, and lifecycle.
- Positive attitude and strong teamwork.
- Excellent social, communication, and writing skills.
- Presentation skills.
- Investigation, analytical, and problem-solving skills.

Benefits and Compensation
- Competitive base salary: $128,100–$239,600 (US).
- Additional benefits include medical and dental coverage, pension and 401(k), and a comprehensive paid time-off package.
- Hybrid model with a time-based expectation of 40–60% onsite for client-serving roles.
- Flexible vacation policy with EY Paid Holidays and additional leave options.

Seniority Level
Mid-Senior level

Employment Type
Full-time

Job Function
Other, Information Technology, and Management (Professional Services)

Apply Today
EY accepts applications for this position on an ongoing basis. EY is committed to high ethical standards and integrity, and we expect all candidates to demonstrate these values. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.