CrawlJobs Logo

Senior Digital Forensics Incident Response Analyst

South Africa, Johannesburg · Job Posted March 03, 2026
Apply Position
Job Link Share

Job Description

The Senior Information Security Incident Response Analyst leads complex incident investigations and digital forensic analysis for clients across diverse environments. This role focuses on determining root cause and impact, guiding clients through containment and remediation, and clearly communicating technical findings to both technical and executive stakeholders. The analyst serves as a senior escalation point, mentors and trains junior responders, and contributes to maturing team processes, workflows, and response capabilities. They collaborate with internal teams and external partners while maintaining strong, professional client engagement throughout each incident.

Job Responsibility

  • Investigates security incidents for clients by performing host, disk, memory, network, cloud, and mobile forensics
  • Conducts detailed artifact analysis across Windows, Linux, and macOS systems and reconstructs event timelines using disk images, memory captures, network data, and cloud logs
  • Guides clients through containment, eradication, and recovery activities, providing clear technical recommendations and communications
  • Acts as a senior escalation point for complex incidents and supports the development and mentoring of junior analysts
  • Participates in an on‑call rotation to support urgent, time‑sensitive incident response needs
  • Completes internal and client project work such as tabletop exercises, IR readiness engagements, environment hardening reviews, and forensic assessments
  • Identifies gaps and weaknesses in client environments and provides recommendations to reduce risk and strengthen posture
  • Produces accurate, concise documentation, including investigation notes, status communications, and final reports
  • Collaborates with global DFIR and cyber defense teams and maintains awareness of current threats, tactics, and forensic methodologies

Requirements

  • Bachelor’s degree or equivalent in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred)
  • Relevant GIAC or equivalent certifications such as: GSEC – Security Essentials GCIA – Certified Intrusion Analyst GCIH – Certified Incident Handler
  • Significant hands‑on experience in digital forensics and incident response across host, disk, memory, network, cloud, and mobile environments
  • Advanced experience using SIEM, EDR, IDS/IPS, packet analysis utilities, and forensic toolsets in active investigations
  • Advanced ability to analyze network traffic using tools such as Wireshark or tcpdump to distinguish normal and malicious behavior
  • Experience working in cybersecurity consulting, DFIR services, or equivalent technical security roles
  • Minimum of 5 years of experience in the technology information security industry

Nice to have

Additional DFIR‑related certifications are considered a plus

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Digital Forensics Incident Response Analyst

8 matching positions

Senior Information Security Incident Response Analyst

The Senior Information Security Incident Response Analyst leads complex incident...
Location
Location
India , Hyderabad
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred)
  • Relevant GIAC or equivalent certifications such as: GSEC – Security Essentials GCIA – Certified Intrusion Analyst GCIH – Certified Incident Handler
  • Significant hands‑on experience in digital forensics and incident response across host, disk, memory, network, cloud, and mobile environments
  • Advanced experience using SIEM, EDR, IDS/IPS, packet analysis utilities, and forensic toolsets in active investigations
  • Advanced ability to analyze network traffic using tools such as Wireshark or tcpdump to distinguish normal and malicious behavior
  • Experience working in cybersecurity consulting, DFIR services, or equivalent technical security roles
  • Advanced knowledge of digital forensics, including disk and memory image analysis across Windows, Linux, and macOS platforms
  • Strong understanding and experience with network forensics, cloud forensics (Azure, AWS, GCP) and mobile forensics (iOS/Android)
  • Ability to communicate complex technical findings clearly to both technical and non‑technical client stakeholders
  • Strong analytical, critical thinking, and problem‑solving abilities during high‑pressure investigations
Job Responsibility
Job Responsibility
  • Investigates security incidents for clients by performing host, disk, memory, network, cloud, and mobile forensics
  • Conducts detailed artifact analysis across Windows, Linux, and macOS systems and reconstructs event timelines using disk images, memory captures, network data, and cloud logs
  • Guides clients through containment, eradication, and recovery activities, providing clear technical recommendations and communications
  • Acts as a senior escalation point for complex incidents and supports the development and mentoring of junior analysts
  • Participates in an on‑call rotation to support urgent, time‑sensitive incident response needs
  • Completes internal and client project work such as tabletop exercises, IR readiness engagements, environment hardening reviews, and forensic assessments
  • Identifies gaps and weaknesses in client environments and provides recommendations to reduce risk and strengthen posture
  • Produces accurate, concise documentation, including investigation notes, status communications, and final reports
  • Collaborates with global DFIR and cyber defense teams and maintains awareness of current threats, tactics, and forensic methodologies
  • Fulltime
Read More
Arrow Right

Senior Security Monitoring and Response Analyst

Mastercard powers economies and empowers people in 200+ countries and territorie...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
mastercard.com Logo
Mastercard
Expiration Date
November 30, 2026
Flip Icon
Requirements
Requirements
  • Direct experience in a Security Operations Center (SOC)
  • Experience working in an incident response or digital forensics role
  • Demonstrated experience with cybersecurity related disciplines, not limited to: e.g. vulnerability research, network traffic analysis, static and dynamic malware analysis, digital forensics, memory analysis, web-security and threat hunting.
Job Responsibility
Job Responsibility
  • Providing monitoring coverage, triage and investigation of escalated alerts (T3) from various sources
  • Responding to cybersecurity incidents through critical thinking, defining, and applying playbook responses
  • Applying root cause analysis and lessons learned to improve security posture and processes
  • Working closely with security engineering, threat intelligence, insider threat and a managed SOC service, providing critical feedback to improve and automate monitoring and response
  • Strong collaboration with the team to develop knowledge base, playbook and use cases
  • Proactive initiatives and project-related support by providing subject matter expertise
  • Ability to work independently as well as collaborate with different teams to assess impact, mitigate risk, and resolve security incidents.
  • Fulltime
Read More
Arrow Right
New

Director, Security Operations and Incident Response

At Comcast, we are committed to providing secure and reliable services for our c...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
comcastcorporation.com Logo
Comcast
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant cybersecurity experience, including leadership experience in cybersecurity operations, security incident response, threat hunting, threat detection, or enterprise SOC functions in a large, complex environment with at least 5 years of experience managing leaders of people
  • Demonstrated experience managing high-severity cybersecurity incidents, including executive communications, cross functional coordination, containment strategy, remediation oversight, and post-incident improvement
  • This role supports a 24x7 cybersecurity operation and requires availability outside of standard business hours, including nights, weekends, and holidays, during critical incidents and high-severity security events
  • Strong leadership experience building, managing, and scaling technical security teams, including managers, incident responders, SOC analysts, threat hunters, detection engineers, and specialized security professionals
  • Deep technical understanding of modern security operations, including SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud security, identity security, network security, automation, and detection engineering
  • Experience partnering with engineering teams to build, improve, and operationalize security tools, data platforms, dashboards, automations, telemetry pipelines, and analyst workflows
  • Proven ability to make high-impact decisions under pressure and lead teams through ambiguous, fast-moving security events
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, metrics, and continuous improvement programs
  • Strong understanding of adversary tradecraft, threat hunting methodologies, detection lifecycle management, and frameworks such as MITRE ATT&CK
  • Strong executive communication skills, including the ability to brief senior leaders on risk, impact, operational status, capacity gaps, and recommended actions
Job Responsibility
Job Responsibility
  • Lead and scale Comcast’s SOC, Security Incident Response Team, threat hunting, and threat detection functions, ensuring the organization is trained, equipped, and structured to respond effectively to routine security events and major incidents
  • Build the operating model, staffing approach, escalation paths, runbooks, and surge capacity required to manage multiple concurrent major incidents
  • Serve as a senior incident commander for high-severity cybersecurity events, coordinating response across technical teams, business stakeholders, legal, privacy, communications, and executive leadership
  • Lead Comcast’s threat hunting function to proactively identify adversary behavior, emerging attack patterns, control gaps, and high-risk activity before it becomes a major incident. Including leading Purple Team activities
  • Own and mature the enterprise threat detection strategy, including detection coverage, alert fidelity, tuning, detection lifecycle management, and alignment to threat intelligence, adversary tradecraft, and business risk
  • Partner with security engineering, data engineering, platform engineering, and product teams to design and improve the tools, pipelines, dashboards, automations, and case management workflows used by cyber operations teams
  • Drive continuous improvement across SIEM use cases, endpoint detections, cloud detections, identity detections, network telemetry, enrichment pipelines, automation, and analyst workflows
  • Ensure lessons learned from incidents and hunts directly inform new detections, improved runbooks, stronger controls, and better response procedures
  • Develop and continuously improve incident response strategy, severity models, communications protocols, after-action reviews, and remediation tracking
  • Establish executive reporting on incident trends, SOC performance, detection quality, threat hunting outcomes, operational capacity, readiness gaps, and enterprise risk
What we offer
What we offer
  • Medical, prescription, vision, and dental insurance for eligible employees
  • 401(k) savings plan with dollar-for-dollar matching up to the first 6% of your pay
  • Paid time off including eight observed company holidays and flex time
  • Exclusive perks + discounts, including tuition assistance, commuter benefits and more
  • Fulltime
Read More
Arrow Right

Senior SOC Analyst

We are working with a leading UK IT solutions and managed services provider that...
Location
Location
United Kingdom
Salary
Salary:
50000.00 GBP / Year
dynamicsearch.co.uk Logo
Dynamic Search Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong background in SOC operations, digital forensics, incident response or threat detection
  • Experience leading complex security investigations and responding to high severity incidents
  • Advanced experience working with SIEM platforms, ideally Microsoft Sentinel and Defender XDR
  • Strong KQL knowledge for threat hunting and detection development
  • Experience using scripting languages such as Python or PowerShell for automation
  • Familiarity with digital forensics and investigation tools such as Velociraptor, KAPE or sandbox environments
  • Excellent written and verbal communication skills with the ability to present technical findings clearly
  • Comfortable mentoring junior team members and contributing to team development
Job Responsibility
Job Responsibility
  • Incident Response & Forensics: Lead complex security incidents from detection to remediation, coordinate containment, analyse attacker activity, and support client decision-making during high-severity events
  • Threat Hunting & Detection Engineering: Proactively hunt for threats using advanced KQL analytics, tune SIEM/EDR detections, and develop signatures aligned with MITRE ATT&CK
  • Malware Analysis & Reverse Engineering: Perform malware triage and behavioural analysis, using reverse-engineering tools when required
  • Client Reporting & Communication: Produce clear, high-quality investigation reports, timelines, and intelligence summaries for both technical and non-technical audiences
  • SOC Leadership & Continuous Improvement: Contribute to SOC playbooks, mentor junior analysts, support onboarding of new clients, and enhance processes and tooling
  • On-Call Support: Participate in the 24×7 on-call rota to provide expert support during critical incidents
What we offer
What we offer
  • Fully remote working across the UK
  • Competitive salary with additional benefits depending on experience
  • Opportunity to work within a mature and well supported Security Operations environment
  • Ongoing professional development and training opportunities
  • Exposure to a wide range of client environments and security challenges
  • Supportive culture with a strong focus on collaboration and continuous improvement
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst

We are looking for Senior Cybersecurity Analyst/ Lead Cybersecurity Analyst to j...
Location
Location
Poland , Katowice
Salary
Salary:
12000.00 - 16000.00 PLN / Month
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Advanced analysis of security incidents in onpremises and cloud environments
  • Ability to create monitoring content for SOC security tools
  • Coordinating incident response activities within the SOC and across other teams
  • Advanced skills in collecting and preserving digital evidence across operating systems
  • Understanding of advanced digital forensics techniques
  • Preparing clear and comprehensive incident reports for stakeholders
  • Integrating threat intelligence into incident analysis and response processes
  • Knowledge of incident response planning and strategy development
  • Awareness of legal and regulatory requirements for incident handling
  • Strong understanding of cloud platforms (e.g., AWS, Azure)
Job Responsibility
Job Responsibility
  • Independently conducting in-depth analysis of security incidents for on-premises and cloud infrastructure to identify root causes and potential mitigations
  • Create additional correlation, pivotal or monitoring content to support incident analysis and get updates on ongoing incidents
  • Coordinating incident response efforts within the Cybersecurity Operations Center and with other relevant teams
  • Collecting and preserving digital evidence for forensic analysis
  • Writing new playbooks if needed
  • Incident Reporting
  • Preparing comprehensive incident reports for management and stakeholders
  • Solving problems according to existing report planning
  • Working on different types of alerts (malware, phishing, network)
What we offer
What we offer
  • Luxmed
  • Medicover Sport
  • Worksmile
  • educational platforms
  • languages learning platform
  • referral bonus
  • life insurance
  • workation
  • certifications (paid by the company)
  • conferences
  • Fulltime
Read More
Arrow Right

Senior SOC Analyst

We are seeking a Senior SOC Analyst to lead advanced security monitoring, incide...
Location
Location
South Africa , South Africa
Salary
Salary:
Not provided
overturerede.in Logo
Overture Rede
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field
  • 3–5 years of experience in SOC operations, incident response, or advanced security monitoring roles
  • One or more of the following advanced certifications: GIAC GCFA (Forensic Analyst) or GNFA (Network Forensics Analyst) GIAC GCTI (Cyber Threat Intelligence) GIAC GSOC (Security Operations Certified) CREST Registered Intrusion Analyst (CRIA) Advanced tool/vendor certifications (e.g., Splunk Enterprise Security Admin, Elastic Security Specialist)
  • Strong expertise in digital forensics, incident handling, and threat intelligence
  • Advanced knowledge of MITRE ATT&CK and threat actor TTPs
  • Proficiency in SIEM query languages (SPL, KQL, Lucene)
  • Experience working in 24×7 enterprise or MSSP SOC environments
  • Strong reporting, documentation, and stakeholder communication skills
Job Responsibility
Job Responsibility
  • Lead advanced incident response activities, including containment, eradication, and recovery
  • Perform digital and network forensic investigations to support incident analysis
  • Conduct proactive threat hunting and advanced detection engineering
  • Analyze threat intelligence and correlate with internal security events
  • Design, tune, and optimize SIEM and SOAR use cases and detection rules
  • Serve as an escalation point for complex security incidents
  • Provide mentorship and technical leadership to junior and intermediate SOC analysts
  • Develop SOC playbooks, procedures, and post-incident reports
  • Collaborate with security architecture and risk teams to improve security posture
What we offer
What we offer
  • Higher responsibility than junior role
  • Career growth opportunity
  • Strong job security
  • Fulltime
Read More
Arrow Right

Senior Application Security Analyst

We are looking for a Senior Application Security Analyst (m/f/d) to join the Inc...
Location
Location
Germany , Hamburg or Berlin
Salary
Salary:
75000.00 - 85000.00 EUR / Year
aboutyou.de Logo
About You
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • min. 5+ years of experience in incident response security
  • Background in Cyber Security, Computer Science or IT Operations
  • Experience in incident response, blue teaming or digital forensics in cloud-native environments
  • Able to write scripts and programs to automate tasks in Python or another programming language
  • Proficient with Linux and a SIEM
  • Experience working with web application firewalls, Cloudflare preferred
  • Good communication and presentation skills, can explain technical terms in non-technical language
  • Fluent English skills (spoken & written)
Job Responsibility
Job Responsibility
  • Set up and maintain DFIR tools and infrastructure
  • Provide first response during security incidents, including digital forensics and post incident risk mitigation
  • Improve monitoring and scanning tools to detect security issues and automate routine tasks
  • Investigate and respond to security alerts in our systems
  • Create and maintain incident response playbooks
  • Keep an eye on current threats and zero-day vulnerabilities in the cyber security space and implement preventative measures within the organization
What we offer
What we offer
  • Hybrid working
  • Fresh fruit every day
  • Sports courses
  • Free access to code.talks
  • Exclusive employee discounts
  • Free drinks
  • Language courses
  • Laracast account for free
  • Company parties
  • Help in the relocation process
  • Fulltime
Read More
Arrow Right

Senior IT Security Operations Analyst

This will support the IT Security Operations Team through Incident Response and ...
Location
Location
Philippines , Manila
Salary
Salary:
Not provided
aurecongroup.com Logo
Aurecon Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Over 4 years of experience in Cyber Security or similar role
  • Incident Response experience is a must
  • Certification as an Incident Handling/ Response Professional, Digital Forensics Professional, Ethical Hacker is a plus
  • Strong sense of responsibility, flexibility, and adaptability to varying request
  • Demonstrate excellent time management and organizational skills
Job Responsibility
Job Responsibility
  • Perform Incident Response activities to manage and mitigate cyber threats
  • Perform first level Digital Forensics to discover and preserve evidence and artifacts
  • Assist to enhance threat hunting with DFIR gathered intelligence
  • Assist to Monitor new and emerging threat actors and techniques through threat intelligence, and DIFR gathered intelligence
  • Support the IT Security Operations Team through Incident Response and Forensics
What we offer
What we offer
  • Flexibility - balance what matters most to you
  • Wellbeing - we priorities your health
  • Recognition - your impact matters
  • Family - support for modern families and carers
  • Community - give back through volunteering days
  • Career development - learn, lead and shape your career
  • Fulltime
Read More
Arrow Right