Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

You may search job titles by skills within selected career category
Information System Security Officer (ISSO)
Chief Information Security Officer (CISO)
Information Security (IS) Auditor
Security Architect
Security Automation Engineer
Secure Software Assessor
Cryptographer/Cryptanalyst
Information Systems Security Developer
Operational Technology Systems Analyst
Security Engineer
Supply Chain Security Analyst
Security Testing and Evaluation Specialist
Identity Management & Authentication Support Specialist
Encryption / Key Management Support Specialist
Data Privacy Specialist
Cybersecurity Operations Technician
Cybersecurity Incident Responder
Cybersecurity Malware Specialist
Digital Forensics Analyst Cybersecurity Operations Analyst
Vulnerability Assessment Analyst
Information Systems Security Manager - Cybersecurity Operations
Threat Hunter
Cybersecurity Operational Technology Incident Responder
Penetration Tester
Data Scientist (AI)
Systems Analyst
User Interface Designer
Developer
Data Scientist (Tech)
Architectural Designer
Project Manager
Legal Compliance Officer
IT Auditor
Automation Process Engineer
IT Author / Technical Writer
Clinical Researcher / Coordinator
Machine Learning Engineer
Social Media Manager
Systems Engineer
Computer Vision Engineer
IT Service Manager
Data Analyst
Product Manager
Policy Analyst
Learning and Development Specialist
Cognitive Copywriter
Front End Developer
Technical Recruiter
Business Analyst
User Experience Designer
Programmer
Full Stack Developer
Data Engineer
Software Engineer
Deep Learning Engineer
Medical Coder/Programmer
Human Resources Analyst
Robotics Process Analyst
Online/Digital Learning Developer
Network and Systems Administrator
Systems Architect
Tech Sales and Customer Service
Graphic and Animation Designer
IT Program Manager
Web Developer
Business Intelligence Analyst
IT Procurement Officer
Digital Marketing / Communications

Digital Forensics Analyst

PROTECT & DEFEND

Skills

Job Description

Other Titles Include

  • Digital forensics investigator (normally reserved for cybercrime environment)
  • Digital forensics examiner (normally reserved for cyber audit environments)

Note: This role is most commonly found in large or medium-sized organizations.

Reporting relationship

To be completed by the user of this job description as appropriate.

Job purpose / summary

The following role-based description is for security operations only and does not include criminal or audit forensics functions which are provided for within the related law enforcement or audit related occupations.

Conducts digital forensics to analyze evidence from computers, networks, and other data storage devices. This includes investigating and preserving electronic evidence; planning and developing tools; prioritizing activities; and supporting recovery operations and post-incident analysis.

Duties and responsibilities

  • Perform real-time cyber defence incident investigations (e.g., forensic collections, intrusion correlation and tracking, and threat analysis)
  • Investigate security incidents as per terms of reference
  • Plan forensics analysis activities for cyber incidents
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents
  • Identify and accurately report on digital forensic analysis artifacts
  • Capture and analyze network traffic associated with malicious activities using network monitoring tools
  • Contribute to post-analysis on security incidents and make recommendations based on forensics activities
  • Develop and maintain investigative and technical reports
  • Provide technical assistance on digital evidence matters to appropriate personnel
  • Compile evidence for legal cases, and provide expert testimony at court proceedings
  • Manage digital evidence in accordance with appropriate chain of custody requirements
  • Identify and manage secure analysis infrastructure/laboratory
  • Operate digital forensics systems (as required based on function and systems available)
  • Prepare and review forensics policies, standards, procedures and guidelines
  • Develop, deliver, and oversee training material and educational efforts

Tools and Technologies

  • Organizational security policies, procedures and practices
  • Organizational systems maps and network architecture
  • Digital forensics tools, techniques and procedures
  • Malware analysis tools
  • Security Event and Incident Management System
  • Common vulnerability databases
  • Security investigation terms of references, responsibilities and limits of authority

Competencies

KSAs applied at an advanced level:

  • Threat actor tools, techniques and procedures
  • Incident response and handling methodologies
  • Security Event and Incident Management System
  • Digital forensics methodologies, processes and practices
  • Anti-forensics tactics, techniques, and procedure
  • Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data
  • Seizing and preserving digital evidence
  • Applicable laws, regulations, policies and ethics as they relate to investigations and governance
  • Legal rules of evidence and court procedures, presentation of digital evidence, testimony as an expert witness
  • System or device specific forensics (e.g. memory, active director, mobile device, network, computer (dead box), etc.)
  • Malware analysis tools and techniques
  • Reverse engineering
  • Deployable digital forensics capabilities
  • Types of digital forensics including tools, techniques and procedures (organization and information system dependent) which may include the following forensics for:
    • computer
    • network and active directory;
    • mobile devices
    • digital media (image, video, audio)
    • memory.

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. Post-secondary education (degree or diploma in related computer science or IT field) or equivalent training and experience. 

Training in digital forensics tools, techniques and procedures. Also, depending on the organizational technical context and systems/devices used, specialized digital forensics training may be required (e.g mobile device, digital media, etc.)

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. 2-3 years’ experience in an advanced cybersecurity operations role, preferably with malware analysis experience in ‘dead box’ and active environments.

This is often a tier 2/3 position within a cybersecurity operations environment that is normally preceded by a minimum of 2-3 years in a network or operational security role including as a malware analyst. This can lead to increased specialization within digital forensics or security assessment activities as well as red/blue team leader, penetration tester or management roles.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.