← Back to Jobs
Remote
Other
Investigations and Forensics Analyst
CaresoftUnited States🇺🇸United StatesPosted 13 Jul 2026
Quick Overview
Work Type
Remote
Level
Mid Senior
Job Description
Title: Investigations and Forensics Analyst
Location: Remote - United States (EST availability required)
Duration: Contract-to-Hire (Full-Time)
Location: Remote - United States (EST availability required)
Duration: Contract-to-Hire (Full-Time)
Skills:
Progressive experience in digital forensics, cybersecurity investigations, or a closely related discipline.
Demonstrated expertise conducting insider threat, data exfiltration, and employee misconduct investigations in enterprise environments.
Proficiency with enterprise forensic platforms: Magnet AXIOM Cyber, Cellebrite Endpoint Collector and Endpoint Investigator, and Sumuri Recon or comparable tooling.
Strong working knowledge of forensic imaging standards and acquisition methodologies - including write-blocking, hash verification, and documented chain of custody - consistent with industry frameworks such as ACPO, SWGDE, or equivalent.
Hands-on proficiency with EDR platforms - particularly CrowdStrike Falcon - for behavioral analysis, process telemetry, and forensic artifact review.
Strong working knowledge of Microsoft 365 forensics: Exchange Online mail flow and Recoverable Items, Azure AD sign-in and audit logs, Purview Compliance, and MDE.
Solid understanding of endpoint forensics across Windows and macOS: file system artifacts, registry analysis, prefetch/MRU data, browser forensics, and OS-level event logs.
Working knowledge of cloud and SaaS forensic investigation: OAuth and SAML authentication flows, conditional access logs, cloud storage access patterns, and admin audit trails.
Familiarity with network-layer investigation fundamentals: DNS, proxy, VPN, and firewall log analysis sufficient to reconstruct data movement and access patterns.
Proficiency in Google SecOps/Chronicle (YARA-L) for investigation and threat hunting.
Experience using device management platforms (JAMF, Intune, SCCM) for custodian device attribution and asset profiling in the context of investigations.
Proven ability to produce legally defensible, executive-quality investigation reports with precise evidentiary grounding.
Experience supporting eDiscovery processes, including ESI collection, legal hold execution, and custodian data scoping.
Demonstrated hands-on experience using large language model (LLM) platforms - such as Anthropic Claude or Microsoft Copilot - to augment investigative, analytical, or reporting workflows.
Ability to design and implement structured prompting frameworks, analysis pipelines, or automation logic that apply AI to forensic use cases such as timeline synthesis, log triage, anomaly narration, or report generation.
Comfort evaluating AI-generated output critically - understanding where LLM reasoning aids investigation and where human judgment must govern evidentiary conclusions.
Experience or strong aptitude for building lightweight investigative tooling using Python, PowerShell, or similar, with AI as a reasoning or enrichment layer.
Progressive experience in digital forensics, cybersecurity investigations, or a closely related discipline.
Demonstrated expertise conducting insider threat, data exfiltration, and employee misconduct investigations in enterprise environments.
Proficiency with enterprise forensic platforms: Magnet AXIOM Cyber, Cellebrite Endpoint Collector and Endpoint Investigator, and Sumuri Recon or comparable tooling.
Strong working knowledge of forensic imaging standards and acquisition methodologies - including write-blocking, hash verification, and documented chain of custody - consistent with industry frameworks such as ACPO, SWGDE, or equivalent.
Hands-on proficiency with EDR platforms - particularly CrowdStrike Falcon - for behavioral analysis, process telemetry, and forensic artifact review.
Strong working knowledge of Microsoft 365 forensics: Exchange Online mail flow and Recoverable Items, Azure AD sign-in and audit logs, Purview Compliance, and MDE.
Solid understanding of endpoint forensics across Windows and macOS: file system artifacts, registry analysis, prefetch/MRU data, browser forensics, and OS-level event logs.
Working knowledge of cloud and SaaS forensic investigation: OAuth and SAML authentication flows, conditional access logs, cloud storage access patterns, and admin audit trails.
Familiarity with network-layer investigation fundamentals: DNS, proxy, VPN, and firewall log analysis sufficient to reconstruct data movement and access patterns.
Proficiency in Google SecOps/Chronicle (YARA-L) for investigation and threat hunting.
Experience using device management platforms (JAMF, Intune, SCCM) for custodian device attribution and asset profiling in the context of investigations.
Proven ability to produce legally defensible, executive-quality investigation reports with precise evidentiary grounding.
Experience supporting eDiscovery processes, including ESI collection, legal hold execution, and custodian data scoping.
Demonstrated hands-on experience using large language model (LLM) platforms - such as Anthropic Claude or Microsoft Copilot - to augment investigative, analytical, or reporting workflows.
Ability to design and implement structured prompting frameworks, analysis pipelines, or automation logic that apply AI to forensic use cases such as timeline synthesis, log triage, anomaly narration, or report generation.
Comfort evaluating AI-generated output critically - understanding where LLM reasoning aids investigation and where human judgment must govern evidentiary conclusions.
Experience or strong aptitude for building lightweight investigative tooling using Python, PowerShell, or similar, with AI as a reasoning or enrichment layer.
Nice to have:
Experience working within or directly supporting corporate Legal, HR, or Ethics functions on sensitive employment or litigation matters.
Solid grounding in incident response methodology - including initial triage, scoping, containment sequencing, and post-incident analysis - with experience leading or co-leading high-impact security incidents.
Proficiency in Google SecOps/Chronicle and Splunk (SPL).
Familiarity with Zscaler proxy log analysis and cloud access security broker (CASB) telemetry.
Prior experience testifying or providing declarations in legal, arbitration, or regulatory proceedings.
Relevant certifications: GCFE, GCFA, EnCE, CFCE, CISSP, or equivalent.
Experience working within or directly supporting corporate Legal, HR, or Ethics functions on sensitive employment or litigation matters.
Solid grounding in incident response methodology - including initial triage, scoping, containment sequencing, and post-incident analysis - with experience leading or co-leading high-impact security incidents.
Proficiency in Google SecOps/Chronicle and Splunk (SPL).
Familiarity with Zscaler proxy log analysis and cloud access security broker (CASB) telemetry.
Prior experience testifying or providing declarations in legal, arbitration, or regulatory proceedings.
Relevant certifications: GCFE, GCFA, EnCE, CFCE, CISSP, or equivalent.
Skills
OAuth
SAML
Splunk
Arbitration
Azure
Compliance
DNS
LLM
Litigation
PowerShell
Python
Triage
Similar jobs
TECHNICAL PRODUCT LEAD
Connect Tech+Talent · United States
44 minutes agoOracle Order
StratEdge It consulting INC · Sunnyvale, United States
44 minutes agoLMS Administration & Training Operations
Innovecture · United States
1 hour agoSenior Trading Analyst
Vistra Corp · Irving, United States
1 hour agoInformation Assurance Systems Administrator
Booz Allen Hamilton · Leavenworth, United States
1 hour ago$61.9k - $141k/yrTechnical Project Lead
Seek Thermal · Santa Barbara, United States
2 hours ago