
Senior Forensics Analyst
ABM Industries, Dunwoody, GA, United States
ABM is currently seeking a highly motivated and experienced Senior Forensics Analyst. The Senior Forensics Analyst is a senior technical member of the information security team responsible for leading forensic examinations through collection, processing, analysis and preservation of digital data. This role serves as a subject matter expert in digital forensics and works closely with incident responders, security operations center (SOC) staff, threat hunters, and host and network engineering colleagues. The Senior Forensics Analyst examines digital data and events from computer memory and storage (Windows, Linux, macOS), mobile devices, electronic communications, malware samples and data transmissions across the enterprise. This role provides strategic guidance on forensic processes, mentors junior analysts, and communicates complex technical findings to executive leadership, legal counsel and law enforcement when applicable. The ideal candidate is deeply technical, possesses strong business acumen, and understands how technology is involved in day-to-day operations. The Senior Forensics Analyst demonstrates a track record of leading complex investigations and driving continuous improvement within the forensic and incident response program.
ABM offers a comprehensive benefits package. For information about ABM’s benefits, visit: Recruiting Flyer - Staff & Mgmt.
Responsibilities
Lead and conduct forensic examinations including collection, preservation, processing and analysis of digital data and systems across the enterprise
Serve as the primary subject matter expert for forensic investigations, providing technical direction to incident responders and SOC analysts during escalated security events
Mentor and develop junior forensic analysts, providing guidance on examination techniques, tool usage and professional development
Document comprehensive case notes and communicate analysis findings from initial investigation through closure and post-mortem to technical and non-technical stakeholders
Maintain strict evidence handling procedures including collection, storage, preservation and chain of custody in accordance with legal and regulatory requirements
Conduct investigations across end-user hosts, servers, network infrastructure, mobile devices, peripherals, cloud environments and application systems
Perform advanced malware analysis, reverse engineering and examination of obfuscated code to support threat identification and containment
Develop and refine operational response processes and forensic playbooks for the security operations program
Analyze penetration test reports and threat intelligence to inform forensic readiness and detection capabilities
Effectively communicate findings, strategy and recommendations to stakeholders including technical staff, executive leadership and legal counsel
Recognize and safely utilize attacker tools, tactics and procedures to support discovery, analysis and incident containment
Develop and maintain relationships with engineering, IT, incident response, SOC, software engineering and cross-functional business teams
Analyze systems and data sources for accidental, malicious and unauthorized activities, providing actionable results to management and technical teams
Maintain and improve the forensic lab environment, evaluating new solutions and retaining proficiency with existing tools and methodologies
Participate in and lead briefings to technical and business leadership on findings from internal forensic work and from hired consultants
Communicate with legal, external firms and law enforcement under management direction when investigations require external coordination
Identify program strengths and weaknesses, recommending improvements to forensic capabilities, skills development and knowledge base
Research emerging cybersecurity threats and forensic techniques to maintain a proactive security posture
Support security initiatives through both predictive and reactive analysis
Perform other duties as assigned
Qualifications
Education
Bachelor’s degree preferred in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.
Master’s degree in information assurance, Cybersecurity, Computer Science, Digital Forensics or a related technical field.
Experience
7+ years of combined experience in cybersecurity, incident response and security operations, with a minimum of 4 years in a dedicated digital forensics role
10+ years of combined experience in cybersecurity, incident response, security operations and digital forensics
Holistic experience across Computer Network Defense, Cryptography, Identity Management, Information Assurance, Malware Analysis and Infrastructure Design
Demonstrated expertise with forensic tools including, but not limited to, AccessData Forensic Toolkit (FTK), Magnet Axiom, EnCase, X-Ways, REMnux and SIFT
Proven ability to perform malware analysis, reverse engineering and examination of obfuscated code
Strong understanding of attacker tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework
Experience with log and data aggregation systems (SIEM platforms such as Microsoft Sentinel, Splunk or similar)
Proficient scripting ability with one or more languages including Python, PowerShell, JavaScript and Bash
Clear understanding of evidence preservation, chain of custody and legal requirements for digital evidence
Strong understanding of the NIST Cybersecurity Framework and associated controls
Administration experience with network and host configurations, endpoint detection and response (EDR), application security, encryption and cloud services
Advanced understanding of TCP, UDP, HTTP, IP and other network protocols
Strong verbal and written communication skills with the ability to explain complex technical topics to business leaders
Excellent judgment and the ability to make quick decisions when working with complex situations
Demonstrated ability to lead investigations and mentor junior team members
Self-starter who can work efficiently both independently and with teams
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism
Experience leading forensic investigations in hybrid and multi-cloud environments (Azure, AWS, GCP)
Experience identifying, investigating and responding to complex attacks including advanced persistent threats (APTs)
Demonstrated experience developing forensic processes, playbooks and program maturity initiatives
Experience with vulnerability management platforms (Tenable, Rapid7, Qualys)
Ability to utilize and develop scripts that interact with APIs, automate forensic workflows and assist with alert response
Experience working with legal teams, external counsel and law enforcement on digital investigations
Prior experience mentoring or managing a team of forensic analysts
Understanding of alert triaging, vulnerability detection and response, and data integrity
Knowledge of data center network components
Critical thinking and efficient communicator (written and verbal)
Experience identifying, investigating, and responding to complex attacks in hybrid environments
Certifications
One or more of the following required: GCFE, GCFA, GREM, GCIH, EnCE, CISSP
Two or more of the following preferred: GCFE, GCFA, GREM, GCIH, EnCE, CISSP, CISM, CRISC, CISA, CFCE, CCE
Work Environment and Travel
Remote
About Us
ABM (NYSE: ABM) is one of the world’s largest providers of integrated facility, engineering, and infrastructure solutions. Every day, our over 100,000 team members deliver essential services that make spaces cleaner, safer, and more efficient, enhancing the overall occupant experience.
ABM serves a wide range of market sectors including commercial real estate, aviation, education, mission critical, and manufacturing and distribution. With over $8 billion in annual revenue and a blue-chip client base, ABM delivers innovative technologies and sustainable solutions that enhance facilities and empower clients to achieve their goals. Committed to creating smarter, more connected spaces, ABM is investing in the future to meet evolving challenges and build a healthier, thriving world. ABM: Driving possibility, together.
ABM is an Equal Employment Opportunity (EEO) employer that does not discriminate on the basis of any trait or characteristic protected by applicable federal, state, or local law, including disability and protected veteran status. ABM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a disability and need assistance in completing the employment application, please call 888-328-8606. We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis.
ABM participates in the U.S. Department of Homeland Security E-Verify program. E-Verify is an internet-based system used to electronically confirm employment eligibility.
ABM is a military-friendly company proudly employing thousands of men and women who have served in the U.S. military. With ABM, you’ll have access to a world‑class training program and ample opportunities to use the skills you developed while serving our country. Whether you’re looking for a frontline or professional position, you can find post‑military career opportunities across ABM.
ABM directs all applicants to apply at www.abm.com/careers. ABM does not accept unsolicited resumes or submissions outside of this portal. Applicants should submit their application by clicking Apply Now.
For more information, visit www.abm.com