Note: The job is a remote job and is open to candidates in USA. Central Business Solutions Inc. is seeking a Senior Analyst, Investigations and Forensics who will serve as the team’s deep technical specialist for endpoint, cloud, and identity forensics. This role involves leading complex investigations into various security incidents, developing proactive detection capabilities, and integrating AI into investigative workflows.
Responsibilities
- Lead and execute end-to-end digital forensic investigations across endpoint, cloud, email, identity, and SaaS environments
- Conduct deep-dive analysis for insider threat, data exfiltration, IP theft, fraud, employee misconduct, and ethics matter investigations
- Support SIRT as the Advanced Forensic Tier on high-severity security incidents — establishing attribution, root cause, and precise forensic timelines
- Perform forensic imaging and acquisition of endpoints and storage media in accordance with established forensic standards and chain of custody protocols, ensuring evidence integrity from collection through analysis
- Conduct structured forensic analysis using industry-standard platforms including Magnet AXIOM Cyber, Cellebrite Endpoint Collector, Cellebrite Endpoint Investigator, and Sumuri Recon
- Collect, preserve, and analyze digital evidence in a forensically sound manner, maintaining chain of custody and evidentiary integrity throughout
- Produce executive-quality investigation reports suitable for HR proceedings, legal review, litigation support, and regulatory disclosure
- Execute eDiscovery collections from Exchange/O365, cloud platforms, and endpoints in response to legal holds and regulatory requests
- Work closely with Legal to scope, collect, and produce electronically stored information (ESI) with defensible methodology
- Apply custodian-level data scoping, deduplication, and privilege filtering aligned with counsel’s requirements
- Perform advanced log analysis in Google SecOps/Chronicle (YARA-L) and Splunk (SPL)
- Extract and correlate forensic artifacts from CrowdStrike Falcon EDR telemetry across endpoint and cloud workloads
- Query device management platforms (JAMF, Intune, SCCM) to build custodian device profiles and establish asset attribution in support of investigations
- Analyze authentication and access events across identity platforms including Azure AD, Okta, and Zscaler
- Contribute to the development and refinement of internal forensic tooling, detection playbooks, and investigative frameworks
- Design and build AI-assisted investigative workflows using platforms such as Anthropic Claude, Microsoft Copilot, and related enterprise AI tools
- Develop prompt engineering frameworks, structured analysis pipelines, and automation logic that apply large language models to forensic triage, timeline reconstruction, and report drafting
- Evaluate emerging AI capabilities for investigative applicability and lead proof-of-concept development within the team’s forensic environment
- Document and operationalize AI-augmented workflows so that investigative capability is repeatable, auditable, and defensible
- Partner with HR, Legal, and Ethics teams as a trusted technical advisor, translating complex forensic findings into clear, actionable conclusions
- Maintain strict confidentiality and exercise mature judgment when handling matters involving current and former employees at all organizational levels
- Provide testimony or declarations in support of legal proceedings where required
Skills
- 7+ years of progressive experience in digital forensics, cybersecurity investigations, or a closely related discipline
- Demonstrated expertise conducting insider threat, data exfiltration, and employee misconduct investigations in enterprise environments
- Proficiency with enterprise forensic platforms: Magnet AXIOM Cyber, Cellebrite Endpoint Collector and Endpoint Investigator, and Sumuri Recon or comparable tooling
- Strong working knowledge of forensic imaging standards and acquisition methodologies — including write-blocking, hash verification, and documented chain of custody — consistent with industry frameworks such as ACPO, SWGDE, or equivalent
- Hands-on proficiency with EDR platforms — particularly CrowdStrike Falcon — for behavioral analysis, process telemetry, and forensic artifact review
- Strong working knowledge of Microsoft 365 forensics: Exchange Online mail flow and Recoverable Items, Azure AD sign-in and audit logs, Purview Compliance, and MDE
- Solid understanding of endpoint forensics across Windows and macOS: file system artifacts, registry analysis, prefetch/MRU data, browser forensics, and OS-level event logs
- Working knowledge of cloud and SaaS forensic investigation: OAuth and SAML authentication flows, conditional access logs, cloud storage access patterns, and admin audit trails
- Familiarity with network-layer investigation fundamentals: DNS, proxy, VPN, and firewall log analysis sufficient to reconstruct data movement and access patterns
- Proficiency in Google SecOps/Chronicle (YARA-L) for investigation and threat hunting
- Experience using device management platforms (JAMF, Intune, SCCM) for custodian device attribution and asset profiling in the context of investigations
- Proven ability to produce legally defensible, executive-quality investigation reports with precise evidentiary grounding
- Experience supporting eDiscovery processes, including ESI collection, legal hold execution, and custodian data scoping
- Demonstrated hands-on experience using large language model (LLM) platforms — such as Anthropic Claude or Microsoft Copilot — to augment investigative, analytical, or reporting workflows
- Ability to design and implement structured prompting frameworks, analysis pipelines, or automation logic that apply AI to forensic use cases such as timeline synthesis, log triage, anomaly narration, or report generation
- Comfort evaluating AI-generated output critically — understanding where LLM reasoning aids investigation and where human judgment must govern evidentiary conclusions
- Experience or strong aptitude for building lightweight investigative tooling using Python, PowerShell, or similar, with AI as a reasoning or enrichment layer
- Experience working within or directly supporting corporate Legal, HR, or Ethics functions on sensitive employment or litigation matters
- Solid grounding in incident response methodology — including initial triage, scoping, containment sequencing, and post-incident analysis — with experience leading or co-leading high-impact security incidents
- Proficiency in Google SecOps/Chronicle and Splunk (SPL)
- Familiarity with Zscaler proxy log analysis and cloud access security broker (CASB) telemetry
- Prior experience testifying or providing declarations in legal, arbitration, or regulatory proceedings
- Relevant certifications: GCFE, GCFA, EnCE, CFCE, CISSP, or equivalent
Company Overview
Company H1B Sponsorship