Job Description

Digital Forensics & Incident Response (DFIR) Specialist (3-6 Years Experience)

Position Overview

We are looking for an experienced Digital Forensics & Incident Response (DFIR) Specialist with 3-6 years of hands-on expertise in forensic investigation, acquisition of system images, handling of digital evidence, and response to security incidents. The ideal candidate has strong technical skills in forensic artifact collection, root-cause analysis, and incident response operations. Relevant cybersecurity or digital forensics certifications are preferred.

Key Responsibilities

Digital Forensics

  • Perform forensic acquisition of endpoints, servers, memory dumps, removable media, virtual machines, cloud workloads, and mobile devices.
  • Collect, preserve, and analyze forensic artifacts, including:
      • Windows artifacts: Event Logs, Registry, Prefetch, Amcache, ShimCache, SRUM, Jump Lists.
      • Network artifacts: PCAPs, firewall logs, DNS logs, proxy logs.
      • Browser and application artifacts.
      • Linux/macOS log and filesystem artifacts.
  • Capture and validate full disk images (logical and physical) using industry-standard forensic tools.
  • Maintain proper Chain of Custody (CoC) documentation for all acquired evidence.
  • Conduct timeline analysis, malware behavior analysis (basic to intermediate), and identify Indicators of Compromise (IOCs).
  • Produce detailed forensic reports suitable for technical teams, legal teams, and leadership.
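One concrete form of the "capture and validate" and Chain of Custody duties listed above, as an added example that is not code from the posting or from Optum: the script hashes a stored image in one streaming pass, compares the digests with those recorded at acquisition time, and appends each action as a JSON line to an append-only custody log. The evidence ID, file names, and the bytes standing in for an image are constructed for the example.

```python
# Added example (not from the posting): verify an acquired disk image against
# the hash recorded at acquisition time and record the check as a chain-of-
# custody event. All data here is constructed; the evidence ID and file names
# are hypothetical.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so multi-GB images never sit in memory


def hash_file(path, algorithms=("sha256", "md5")):
    """Return {algorithm: hexdigest} for a file, computing all digests in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, expected):
    """Compare a stored image with the digests written by the acquisition tool.

    expected: {algorithm: hexdigest} as recorded at acquisition (for example from
    the imager's log). Returns the verdict plus the recomputed values so the
    result can be written to the custody record as-is.
    """
    actual = hash_file(path, tuple(expected))
    mismatches = {
        name: {"expected": expected[name].lower(), "actual": actual[name]}
        for name in expected
        if expected[name].lower() != actual[name]
    }
    return {"verified": not mismatches, "actual": actual, "mismatches": mismatches}


def custody_event(evidence_id, action, custodian, details):
    """Build one chain-of-custody entry: who did what to which item, when, with what result."""
    return {
        "evidence_id": evidence_id,
        "action": action,
        "custodian": custodian,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "details": details,
    }


def append_custody_log(log_path, event):
    """Append the event as one JSON line; earlier entries are never rewritten."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(event, sort_keys=True) + "\n")


def demo():
    """Constructed scenario: a small stand-in image, a clean check, then a tampered copy."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "WS-0042_disk0.raw")  # hypothetical file name
    log = os.path.join(workdir, "chain_of_custody.jsonl")

    # Stand-in for an acquired image: fixed bytes so the digests are reproducible.
    with open(image, "wb") as fh:
        fh.write(b"\x00" * 4096 + b"NTFS    " + b"\xff" * 4096)

    # Digests "recorded by the imager" at acquisition time. Computed here only
    # because the data is constructed; in practice they come from the tool's log.
    acquisition_hashes = hash_file(image)
    append_custody_log(log, custody_event("EV-2024-0042", "acquired", "analyst1",
                                          {"hashes": acquisition_hashes}))

    good = verify_image(image, acquisition_hashes)
    append_custody_log(log, custody_event("EV-2024-0042", "verified", "analyst2", good))

    # Flip a single byte to show that any change, however small, is detected.
    with open(image, "r+b") as fh:
        fh.seek(4100)
        fh.write(b"X")
    bad = verify_image(image, acquisition_hashes)
    append_custody_log(log, custody_event("EV-2024-0042", "verified", "analyst2", bad))

    with open(log, encoding="utf-8") as fh:
        entries = [json.loads(line) for line in fh]
    return good["verified"], bad["verified"], len(entries)


if __name__ == "__main__":
    print(demo())  # (True, False, 3)
```

Both SHA-256 and MD5 are computed because older acquisition logs and some legal requests still quote MD5; the comparison is case-insensitive since tools differ in how they print hex. The custody log is append-only on purpose: a verification failure is itself an event that must remain visible, not something to overwrite.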

Incident Response

  • Act as part of the IR team during suspected or confirmed security incidents.
  • Perform incident triage, scope analysis, containment recommendations, and eradication steps.
  • Investigate:
      • Malware infections
      • Ransomware events
      • Web/application compromise
      • Cloud security incidents
      • Insider threat cases
      • Unauthorized access events
  • Work closely with SOC teams to correlate security alerts with forensic evidence.
  • Assist in developing and refining IR playbooks, runbooks, and procedures.
  • Support post-incident activities including lessons learned, reporting, and prevention planning.

Tools & Technologies

Hands-on experience with tools such as:

  • Forensic Suites: EnCase, FTK, X-Ways, Magnet Axiom, Autopsy, F-Response
  • Memory Forensics: Volatility / Rekall
  • EDR Tools: CrowdStrike, Microsoft Defender for Endpoint, Carbon Black, SentinelOne
  • SIEM Platforms: Splunk, Microsoft Sentinel, QRadar, ELK
  • Network Forensics: Wireshark, Zeek, tcpdump
  • Threat Hunting & Detection: YARA, Sigma (preferred)

Required Skills & Experience

  • 3-6 years of practical DFIR experience in enterprise or consulting environments.
  • Strong understanding of Windows, Linux, and macOS internals.
  • Hands-on experience with disk imaging, evidence preservation, and forensic validation.
  • Ability to perform artifact-based investigations and reconstruct attack paths.
  • Solid knowledge of the Cyber Kill Chain, MITRE ATT&CK, and IR frameworks.
  • Experience writing technical and executive-level forensic reports.
  • Strong analytical thinking, attention to detail, and documentation skills.
  • Ability to work under pressure during active security incidents.

Preferred Certifications (not mandatory but highly preferred)

  • GCFA - GIAC Certified Forensic Analyst
  • GCFE - GIAC Certified Forensic Examiner
  • GCIH - GIAC Certified Incident Handler
  • CHFI - Computer Hacking Forensic Investigator
  • EnCE - EnCase Certified Examiner
  • CEH - Certified Ethical Hacker (added advantage)
  • Security+ / CySA+

Education

  • Bachelor's or Master's degree in Cybersecurity, Computer Science, Digital Forensics, Information Security, or a related field.

Additional Desired Experience

  • Exposure to cloud forensics (AWS, Azure, GCP).
  • Familiarity with malware triage, sandboxing, and reverse engineering concepts (nice to have).
  • Experience with scripting for automation (Python, PowerShell, Bash).
  • Participation in tabletop exercises or readiness assessments.

    Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make the health system work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.SM


  • Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.


    UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
