
Cyber Defense Forensics Analyst
EY · Minneapolis, MN
- On site
- Full-time
- $87,700 to $164,000 / year (base salary range; see What We Offer You)
- Minneapolis, MN
Job highlights
- Lead security incident response as an analyst.
- Perform digital forensics and malware analysis.
- Identify and respond to security threats.
- Work with SIEM and forensic tools.
- Collaborate with IT for incident resolution.
About the role
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. Join us and build an exceptional experience for yourself, and a better working world for all.
Today’s world is fuelled by vast amounts of information. Protecting data and information systems is central to doing business. EY Information Security professionals enable EY to work securely, deliver secure products and services, and detect and quickly respond to security events. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions.
The Opportunity
As a Cyber Triage and Forensics (CTF) Incident Analyst, you will be a senior member of the technical team responsible for security incident response for EY. You will serve as an escalation point for security incidents, performing digital forensic analysis, malware analysis, identifying indicators of compromise, supporting remediation efforts, and developing documentation to support the security incident response process.
Your Key Responsibilities
- Investigate, coordinate, and report on security incidents.
- Forensically analyze end-user systems and servers for indicators of compromise.
- Analyze artifacts collected during security incidents and forensic analysis.
- Identify security incidents through threat-hunting operations in a SIEM and other relevant tools.
- Interface with server owners and IT contacts for incident response activities, including system access, artifact collection, containment, and remediation.
- Provide consultation and assessment on perceived security threats.
- Maintain, manage, improve, and update security incident process and protocol documentation.
- Regularly provide reporting and metrics on case work.
- Identify root cause and solutions for security incidents.
- Analyze findings and develop fact-based reports.
- Be on-call to deliver global incident response.
Skills And Attributes For Success
- Proven integrity and judgment.
- Ability to balance work and personal priorities.
To Qualify For The Role, You Must Have
- Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or a related field.
- 5+ years of experience in incident response, computer forensics analysis, and/or malware reverse engineering.
- Understanding of security threats, vulnerabilities, and incident response.
- Understanding of electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensically sound handling of electronic data, computer security investigative processes, and malware identification and analysis.
- Familiarity with legalities surrounding electronic discovery and analysis.
- Experience with SIEM technologies (e.g., Splunk).
- Deep understanding of both Windows and Unix/Linux-based operating systems.
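The must-have list above names three things an incident analyst does in every case: hash the evidence before working on it, correlate logs, and match artifacts against indicators of compromise. The following is an added example written for this page, not EY's tooling or code from the posting. It works over a constructed syslog-like endpoint export: the host names, user names, IP (203.0.113.45 is in the TEST-NET-3 documentation range), file hashes and log lines are all made up, and the IOC set is hypothetical, not threat intelligence. The design point it shows is that a single indicator (a service account logging on) is a lead, while several independent indicator types on the same host inside a short window is what gets escalated.

```python
"""Added example: evidence hashing, log parsing, IOC matching and per-host correlation.

Not EY's code. All telemetry, IOCs and identifiers below are constructed for illustration.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed IOC set (hypothetical values, not real threat intelligence).
BAD_HASH = hashlib.sha256(b"constructed malicious sample").hexdigest()
IOCS = {
    "ip": {"203.0.113.45"},      # TEST-NET-3 documentation range, never routable
    "sha256": {BAD_HASH},
    "user": {"svc_backup"},
}

# Constructed endpoint telemetry in a "<timestamp> <host> <event> k=v ..." format.
BENIGN_HASH = hashlib.sha256(b"benign binary").hexdigest()
SAMPLE_LOGS = f"""\
2024-03-01T10:00:05 ws-017 logon user=jdoe src=10.0.4.21 result=success
2024-03-01T10:01:12 ws-017 logon user=svc_backup src=203.0.113.45 result=success
2024-03-01T10:01:40 ws-017 process user=svc_backup image=C:\\Temp\\upd.exe sha256={BAD_HASH}
2024-03-01T10:02:03 ws-017 netconn user=svc_backup dst=203.0.113.45 dport=443
2024-03-01T14:30:00 srv-db01 logon user=svc_backup src=10.0.4.9 result=failure
2024-03-01T15:00:00 srv-db01 process user=sqlsvc image=C:\\SQL\\sqlservr.exe sha256={BENIGN_HASH}
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def evidence_record(name: str, data: bytes) -> Dict[str, object]:
    """Hash the evidence before analysis so findings can be tied to an unaltered copy.
    This is the minimal chain-of-custody entry; a real case file also records who
    collected it, when, and from where."""
    return {"name": name, "size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def verify_evidence(record: Dict[str, object], data: bytes) -> bool:
    """Re-hash a copy and compare it with the custody record."""
    return len(data) == record["size"] and hashlib.sha256(data).hexdigest() == record["sha256"]


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one log line into a record with a real timestamp plus its key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **fields}


def ioc_hits(rec: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return the (ioc_type, value) pairs that a single record matches."""
    hits = []
    for key in ("src", "dst"):                     # an IP IOC can appear as source or destination
        if rec.get(key) in IOCS["ip"]:
            hits.append(("ip", rec[key]))
    if rec.get("sha256") in IOCS["sha256"]:
        hits.append(("sha256", rec["sha256"]))
    if rec.get("user") in IOCS["user"]:
        hits.append(("user", rec["user"]))
    return hits


def hunt(log_text: str, window: timedelta = timedelta(minutes=15)) -> Dict[str, Dict[str, object]]:
    """Correlate IOC hits per host. A host is escalated only when two or more distinct
    IOC types fire within `window`; a lone service-account logon elsewhere stays a lead."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for ioc_type, value in ioc_hits(rec):
            per_host[rec["host"]].append((rec["ts"], ioc_type, value, rec["event"]))

    findings = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda h: h[0])
        escalate = False
        for ts, *_ in hits:                          # slide a window from each hit forward
            types_in_window = {h[1] for h in hits if ts <= h[0] <= ts + window}
            if len(types_in_window) >= 2:
                escalate = True
                break
        findings[host] = {
            "escalate": escalate,
            "ioc_types": sorted({h[1] for h in hits}),
            "first_seen": hits[0][0].isoformat(),
            "hit_count": len(hits),
        }
    return findings


if __name__ == "__main__":
    custody = evidence_record("endpoint_export.log", SAMPLE_LOGS.encode())
    print("evidence:", custody)
    for host, f in hunt(SAMPLE_LOGS).items():
        print(host, f)
```

In practice the IOC set comes from the SIEM's threat-intelligence lookups or a shared case feed, the export is the saved result of the hunt query rather than an inline string, and the custody record is written to the case file at collection time, before the export is copied anywhere for analysis.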
Ideally, You’ll Also Have
- Professional certifications such as GCFE, GCFA, or GCIH.
- Background in security incident response in Cloud-based environments (e.g., Azure).
- Programming skills in PowerShell, Python, and/or C/C++.
- Understanding of security best practices for network architecture and server configuration.
What We Look For
- Demonstrated integrity in a professional environment.
- Ability to work independently.
- A global mindset for working with different cultures and backgrounds.
- Knowledge of industry-standard security incident response processes, procedures, and life cycle.
- Excellent teaming, social, communication, and writing skills.
What We Offer You
EY offers a comprehensive compensation and benefits package. The base salary range for this position in the US is $87,700 to $164,000. For the New York City Metro Area, Washington State, and California (excluding Sacramento), the range is $105,200 to $186,400. Total Rewards include medical and dental coverage, pension and 401(k) plans, and flexible paid time off options, including vacation, holidays, and personal/family care leave.
Key skills/competency
- Cyber Defense
- Forensics Analysis
- Incident Response
- Malware Analysis
- SIEM Technologies
- Digital Forensics
- Security Incident Response
- Vulnerability Assessment
- Network Security
- Information Security
Skills & topics
- Cyber Defense Forensics Analyst
- Incident Response
- Digital Forensics
- Malware Analysis
- SIEM
- Cybersecurity
- Information Security
- EY
- Computer Forensics
- Security Analyst
How to get hired
- Tailor your resume: Highlight your 5+ years in incident response, forensics, and malware analysis, emphasizing SIEM experience (like Splunk) and OS knowledge (Windows/Linux).
- Showcase your skills: Detail your understanding of security threats, forensic tools, and methodologies in your application and during interviews.
- Prepare for technical questions: Be ready to discuss your experience with log correlation, data handling, and legalities of electronic discovery.
- Demonstrate integrity: Emphasize your proven integrity, judgment, and ability to balance priorities throughout the hiring process.
- Research EY's culture: Understand their focus on high ethical standards and global collaboration to align your responses.
Frequently asked questions
- What are the key responsibilities for an EY Cyber Defense Forensics Analyst?
- As an EY Cyber Defense Forensics Analyst, your key responsibilities will include investigating and reporting on security incidents, performing forensic analysis of systems, analyzing malware, identifying indicators of compromise, supporting remediation efforts, and documenting the incident response process. You will also be expected to act as an escalation point for complex security incidents and participate in 'hunting' operations within SIEM tools.
- What qualifications are essential for the Cyber Defense Forensics Analyst role at EY?
- To qualify for this role at EY, you must possess a Bachelor's or Master's degree in a related field (Computer Science, Information Systems, Engineering) and at least 5 years of experience in incident response, computer forensics analysis, or malware reverse engineering. Essential knowledge includes security threats, vulnerabilities, incident response methodologies, forensic tools, SIEM technologies (like Splunk), and a deep understanding of Windows and Unix/Linux operating systems. Familiarity with electronic discovery legalities is also required.
- Does EY offer remote work for the Cyber Defense Forensics Analyst position?
- EY utilizes a team-led and leader-enabled hybrid model. While not explicitly stated as fully remote, the description suggests flexibility. Their expectation is for most client-serving roles to work together in person 40-60% of the time over the course of an engagement, project, or year, indicating a potential for hybrid arrangements.
- What is the salary range for a Cyber Defense Forensics Analyst at EY in the US?
- For the Cyber Defense Forensics Analyst position in the US, the base salary range is $87,700 to $164,000. For specific high-cost areas like the New York City Metro Area, Washington State, and California (excluding Sacramento), the salary range is higher, from $105,200 to $186,400. Individual salaries are determined by factors such as education, experience, skills, and location.
- What kind of technical skills are needed for the EY Cyber Defense Forensics Analyst job?
- Key technical skills for this role include proficiency in incident response, computer forensics analysis, and malware reverse engineering. You'll need a strong understanding of security threats, SIEM technologies (e.g., Splunk), and both Windows and Unix/Linux operating systems. Experience with electronic investigation tools, forensic methodologies, and log correlation is also critical. Ideally, programming skills in PowerShell, Python, or C/C++ and experience with cloud environments like Azure are beneficial.