Prin Analyst Cyber Security Ops - Digital Forensics

PURPOSE AND SCOPE:

Fresenius Medical Care’s Cyber Security Operations Center (CSOC) isseekinga highly experienced PrincipalAnalystThePrincipalCyber Security Analyst specializing in Digital Forensics serves as the senior technical authority for forensic investigations across the enterprise. This role leadscomplexincident response cases, conducts advanced forensic analysis of endpoints, servers, cloud environments, and networks, andprovidesstrategic insight to reduce organizational risk. The Principal Analyst acts as thehighestlevelescalation point for investigative matters andmentorsother analysts inevidencehandling,methodology, and tooling.

This is a U.S.-based remote position supporting Fresenius Medical Care’s global Cyber Security Operations Center.

PRINCIPALDUTIES AND RESPONSIBILITIES:

• Leadenterpriselevelforensic investigations involving malware, insider threats, credential compromise, data exfiltration, fraud, and targeted attacks.

• Act as technical commander during priority incidents, directing scoping, containment, eradication, androotcauseanalysis in partnership with IR, IT, and Cloud teams.

• Conductrootcause, impact, and attribution analysis for major cyberevents;drive corrective and preventive actions.

• Leadpostincidentreviews and oversee closure of remediation tasks, translating findings into hardening and control improvements.

• Develop andmaintainforensic methodologies,chainofcustodyprocedures, andevidencehandlingstandards.

• Serve as the primary liaison with Legal, Privacy, HR, and external law enforcement during escalated or sensitive investigations.

• Correlate forensic artifacts withthreatintelligenceinsights toidentifyadversaries, campaigns, and TTPs.

• Establish and maintainforensicreadinessstrategies, including tooling optimization, logging enhancements, anddataretentionstandards.

• Develop lightweight tools and scripts (Python/PowerShell) for artifact parsing, timeline generation, triage capabilities, andcloudlognormalization.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

• The physical demands and workenvironmentcharacteristicsrepresentthose typicallyencounteredwhile performing essential duties. Reasonable accommodation may be made as needed.
  This is a remote role with availability expected during core hours and during escalations asrequired.

SUPERVISION:

• Provides technical leadership and mentorship tothreatengineersand SOC analysts globally. Does not directly manage staff.

EDUCATION:

Minimum

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience).

EXPERIENCE AND REQUIRED SKILLS:

• 10+ years in Incident Response/DFIR, including leadership of complex,enterprisescaleinvestigations.

• Cloud & Identity: Sentinel/Splunk, Microsoft 365/Azure logs, AWS/GCP logging, Entra/Okta audit trails.

• Network: Zeek, Suricata, Brim/Wireshark, PCAP/flow analytics.

• Experience inevidencehandling, legal hold/eDiscovery coordination, and working with Legal/HR/Privacy.

• Mastery of Windows and Linux internals, authentication flows, common persistence/mechanisms, and lateral movement TTPs.

• Proficientin Python or PowerShell for automation and artifact analysis.

• Excellent written and verbal communication—able to brief executives clearly under time pressure.

Preferred:

• Industry certifications (one or more): GCFA, GCFE, GNFA, GREM, GCIH, CISA, CISSP, Azure Security, AWS Security.

• Experience with Zero Trust controls, identity threat detection, and SaaS forensics (O365, Google Workspace).

• Familiarity with EPSS/SSVC, threat modeling, andpurpleteam/ATT&CK evaluation practices.

• Background in regulated environments (e.g., healthcare, financial services, manufacturing) and associated audit expectations.