Incident Response Forensics Analyst (m/f/d)
At Arctic Wolf, we're not just navigating the cybersecurity landscape - we're redefining it. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. Our impact speaks for itself: we've earned recognition on the Forbes Cloud 100, CNBC Disruptor 50, Fortune Future 50, and Fortune Cyber 60 lists, and we recently took home the 2024 CRN Products of the Year award. We’re proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earning a Customers' Choice distinction from Gartner Peer Insights. Our Aurora Platform also received CRN’s Products of the Year award in the inaugural Security Operations Platform category. Join a company that’s not only leading, but also shaping, the future of security operations.
Our mission is simple: End Cyber Risk. We’re looking for a Incident Response Forensics Analyst (m/f/d) to be part of making this happen.
Responsibilities
General:
1. Perform as an educated mid to senior-level member of the Incident Response Forensics team, and as a part of the greater Arctic Wolf Incident Response team.
2. Deep understanding of full life-cycle cyber incident investigations from end-to-end (triage/image/log collections and analysis, EDR deployment, securing the environment, etc.)
3. Applied technical and digital forensics expertise with the ability to analyze and identify IOCs, RPOC, vulnerabilities, threats, malware, malicious executables, etc. on Windows and Linux based systems (some Mac OS based system analysis experience is a plus)
4. Assist with the forensic acquisition and analysis from Azure, Amazon Web services (“AWS”) and Google Cloud Platform (“GCP”) environments
5. Demonstrated abilities and professional experience with host-based and network-based digital forensics and security
6. Conduct audits and peer review of incident reports, when needed
7. Foster information sharing and collaboration among internal forensic analyst and restoration team members
8. Participate in weekday escalation and weekend/holiday on call schedules, when needed
Communication and Client Management:
9. Actively participate in large scope, high impact cyber incidents, and support managing Incident Response workflow and activities during incident response efforts with the client.
10. Regularly communicates forensic findings and inquiries via email and calls directly with the client and/or counsel team(s)
11. A strong work ethic self-starter and self-sufficient, while being committed to meeting tight deadlines
12. Demonstrates professionalism, has a positive attitude, and is an extension of Arctic Wolf’s brand in the marketplace.
13. Excellent verbal and written communication skills with an emphasis on customer service
14. Ability to write both high-level and detailed technical and executive summary reports of digital forensic findings
Qualifications
Required:
15. Advanced progression and professional experience involving work directly related to incident response cyber incident cases involving digital forensics, data preservation, configuration, troubleshooting of networks and general IT knowledge
16. Professional, hands-on experience with IR and forensics tools, such as Magnet Axiom, EnCase, FTK, X-Ways, SIFT, Splunk, Redline,
Volatility, Wireshark, tcpdump, and open-source forensic tools
17. End-to-end understanding of engagements and steps within the IR workflow: initial triage, collections, imaging, securing, and hardening of the environment and overall security posture, restoring/rebuilding systems and getting the client functional
18. Can be relied upon as a trusted resource
19. Adept with supporting Microsoft Windows workstations and applications
20. Proficient with firewalls, VPN’s, Active Directory, Group Policy, Linux, and Windows systems
21. Professional work history and experience with Hypervisors, including ESXI / VMWare Hyper-V
22. Provide well-thought-out findings and provide professional guidance, both in technical and non-technical terms, to help customers re-establish business operations
23. Excellent relationship management, customer service, and communication skills in multiple forms (written, conference calls, in-person/virtual meetings)
24. Prior consulting experience within digital forensics or incident response
Preferred:
25. Restoration and recovery experience such as: Skilled with promoting new domain controllers, seizing Flexible Single Master Operations (FSMO) roles, DNS troubleshooting, rebuilding System Volumes (SYSVOL), and rebuilding Distributed File System Replication (DFSR) or File Replication Service (FRS); Expertise with rebuilding and recovering Exchange Systems from Server 2010 onwards; Proficient with Active Directory/Exchange administration; Familiarity with /recover server switch on setup, rebuilding virtual directories, repairing databases, and using recovery databases
26. Passionate about technology and customers and stays current on industry trends
27. Experience navigating networking issues related to firewalls and routers
28. Understanding of various backup solutions (VEEAM, Datto, Barracuda, etc.)
About Arctic Wolf
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace USA (2021-2024), Best Places to Work – USA (2021-2024), Great Place to Work – Canada (2021-2024), Great Place to Work – UK (2024), and Kununu Top Company – Germany (2024). Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 7,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand globally and enhance our technology, Arctic Wolf remains the most trusted name in the industry.
Our Values :
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity .
We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing
Security Requirements
29. Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
30. Background checks are required for this position.
31. This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.
Ready to Make an Impact?
Apply now with your resume—and if available, your references or work samples. Join one of the fastest-growing and most innovative cybersecurity companies in the world.