Cyber Forensic Investigator - Digital Forensics and Incident Response Team (DFIR)

Experian Allen, TX

The Digital Forensics and Incident Response (DFIR) team is responsible for supporting Experian's Global Business units by investigating Cyber Security Incidents, violation of company policy, and fraud. The DFIR Team reports to the Director of Security Operations as a function of the Experian Global Security Office.


The Cyber Forensic Investigator within Experian's Digital Forensic and Incident Response Team will provide advanced digital forensics and incident response services to Experian's Businesses through preservation, collection, and analysis of electronically stored information (ESI) using the latest forensic technology and forensic methodologies within an enterprise environment. The investigator will also be responsible for maintaining the daily Forensic Lab operations and readiness.

This position will regularly work with multiple Business Units and support the strategies of the Director of Security Operations and the Chief Information Security Officer. This position reports to the Manager of the DFIR team and involves supporting other EGSO team members, including research, data gathering, supporting daily operations of the Forensic Lab, maintaining proper case and evidence documentation, and routine case metric reporting.


* A minimum of 5 years or equivalent of demonstrated technical experience involving digital forensic analysis (including memory forensics and dynamic malware analysis)

* Currently maintaining one or more professional certifications related to Digital Forensics or Incident Response (e.g., GCFE, GCFA, GREM, EnCE, CFCE)

* Demonstrate and maintain proficiency in forensic investigation techniques using a variety of commercial and open source digital forensic tools (e.g., EnCase, FTK, X-Ways, SIFT Workstation, NUIX)

* Experienced with conducting Incident Response and Forensic investigations within a global enterprise across multiple platforms and technologies.

* Ability to independently investigate complex cases including cyber security incidents, intellectual property theft, fraud and abuse, asset misuse, and violations of corporate policy.

* Responsible for preserving ESI data from a variety of platforms and sources; including laptops, desktops, servers, cloud services, mobile devices, and storage media in a manner that follows industry best practices and maintains forensic integrity.

* Demonstrate a strong understanding of file system and internal system artifacts across a variety of operating systems (e.g., Windows, Linux, Mac OSX).

* General working knowledge of networking protocols, security technologies, and application services.

* Ability to interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify anomalies or evidence of compromise.

* Possesses excellent report writing skills and the ability to present findings to management, legal and business leaders.

* Experienced with operating and maintaining a Digital Forensics Lab Environment, including all technologies, evidence, and processes.

* Establish and maintain excellent working relationships with stakeholders, management, and infrastructure support teams throughout the global organization.

* Ability to work hours or shifts outside of normal work hours and travel when supporting major security incidents or high priority investigations.

* Works well in a team environment, with the ability to lead and coach members of the larger team.