EY

Cyber Triage and Forensic Senior Analyst

EY, Chicago, Illinois, United States, 60290

Join EY and apply for the Cyber Triage and Forensic Senior Analyst role to protect valuable data and information systems. Our Information Security team of nearly 950 professionals works globally to support the business by developing secure products and services, detecting and responding to security events, and maintaining client trust.

Key Responsibilities

Investigate, coordinate, bring to resolution, and report on security incidents as they are identified.

Forensically analyze end‑user systems and servers with potential indicators of compromise.

Analyze artifacts collected during security incidents and forensic investigations.

Identify security incidents through hunting operations within SIEM, EDR, and other relevant tools.

Interface with server owners, system custodians, and IT contacts to pursue incident response activities, including system access, digital artifact collection, containment, and remediation.

Provide consultation and assessment on perceived security threats.

Maintain, manage, improve, and update incident process and protocol documentation.

Regularly provide reporting and metrics on case work.

Resolve incidents by identifying root cause and solutions.

Develop fact‑based reports from investigative findings.

Be on‑call to deliver global incident response.

Qualifications and Attributes for Success

Bachelor’s or Master’s degree in Computer Science, Information Systems, Engineering, or a related field.

7+ years of experience in incident response, computer forensics analysis, or malware reverse engineering.

Deep understanding of Windows and Unix/Linux operating systems.

Proficiency with EDR and SIEM technologies (e.g., Splunk).

Understanding of security threats, vulnerabilities, and incident response processes.

Experience with forensic tools and methodologies, including log correlation and analysis, electronic data handling, and malware identification.

Familiarity with legalities surrounding electronic discovery and analysis.

Strong judgment, integrity, and the ability to balance work and personal priorities.

Excellent investigative, analytical, and problem‑solving skills.

Positive attitude, team spirit, and strong communication, writing, presentation, and social skills.

Ideally You’ll Also Have

Relevant professional certifications such as GCFE, GCFA, or GREM.

Background in incident response within cloud environments (e.g., Azure).

Programming skills in PowerShell, Python, and/or C/C++.

Understanding of best security practices for network architecture and server configuration.

What We Offer You

Comprehensive compensation and benefits package with performance‑based recognition. Base salary range in the US: $128,100 to $239,600. Additional geographic ranges apply.

Medical and dental coverage, pension and 401(k) plans, and a wide array of paid time off options.

Hybrid work model: most external, client‑serving roles work together in person 40–60% of the time over the course of an engagement, project, or year.

Flexible vacation policy allowing you to decide how much vacation time you need.

Time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and additional leaves of absence.

EY accepts applications for this position on an ongoing basis. For those living in California, please review additional information.

EY focuses on high ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you need assistance applying online or requesting an accommodation during any part of the application process, please call 1‑800‑EY‑HELP3 or email the TSS at ssc.customersupport@ey.com.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity or expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
