Position Overview
We are looking for an experienced Digital Forensics & Incident Response (DFIR) Specialist with 3-6 years of hands-on expertise in forensic investigation, acquisition of system images, handling digital evidence, and responding to security incidents. The ideal candidate should have strong technical skills in forensic artifact collection, root-cause analysis, and incident response operations. Relevant cybersecurity/digital forensics certifications are preferred.
Key Responsibilities
Digital Forensics
- Perform forensic acquisition of endpoints, servers, memory dumps, removable media, virtual machines, cloud workloads, and mobile devices.
- Collect, preserve, and analyze forensic artifacts, including:
  - Windows artifacts: Event Logs, Registry, Prefetch, Amcache, ShimCache, SRUM, Jump Lists.
  - Network artifacts: PCAPs, firewall logs, DNS logs, proxy logs.
  - Browser and application artifacts.
  - Linux/macOS log and filesystem artifacts.
- Capture and validate full disk images (logical and physical) using industry-standard forensic tools.
- Maintain proper Chain of Custody (CoC) documentation for all acquired evidence.
- Conduct timeline analysis, malware behavior analysis (basic to intermediate), and identify Indicators of Compromise (IOCs).
- Produce detailed forensic reports suitable for technical teams, legal teams, and leadership.
Incident Response
- Act as part of the IR team during suspected or confirmed security incidents.
- Perform incident triage, scope analysis, containment recommendations, and eradication steps.
- Investigate:
  - Malware infections
  - Ransomware events
  - Web/application compromise
  - Cloud security incidents
  - Insider threat cases
  - Unauthorized access events
- Work closely with SOC teams to correlate security alerts with forensic evidence.
- Assist in developing and refining IR playbooks, runbooks, and procedures.
- Support post-incident activities including lessons learned, reporting, and prevention planning.
Tools & Technologies
Hands-on experience with tools like:
- Forensic Suites: EnCase, FTK, X-Ways, Magnet Axiom, Autopsy, F-response
- Memory Forensics: Volatility / Rekall
- EDR Tools: CrowdStrike, Microsoft Defender for Endpoint, Carbon Black, SentinelOne
- SIEM Platforms: Splunk, Microsoft Sentinel, QRadar, ELK
- Network Forensics: Wireshark, Zeek, tcpdump
- Threat Hunting & Detection: YARA, Sigma (preferred)
Required Skills & Experience
- 3-6 years of practical DFIR experience in enterprise or consulting environments.
- Strong understanding of Windows, Linux, and macOS internals.
- Hands-on experience with disk imaging, evidence preservation, and forensic validation.
- Ability to perform artifact-based investigations and reconstruct attack paths.
- Solid knowledge of cyber kill chain, MITRE ATT&CK, and IR frameworks.
- Experience writing technical and executive-level forensic reports.
- Strong analytical thinking, attention to detail, and documentation skills.
- Ability to work under pressure during active security incidents.
Preferred Certifications (not mandatory but highly preferred)
- GCFA - GIAC Certified Forensic Analyst
- GCFE - GIAC Certified Forensic Examiner
- GCIH - Incident Handling
- CHFI - Computer Hacking Forensic Investigator
- EnCE - EnCase Certified Examiner
- CEH - Ethical Hacker (Added Advantage)
- Security+ / CySA+
Education
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Digital Forensics, Information Security, or a related field.
Additional Desired Experience
- Exposure to cloud forensics (AWS, Azure, GCP).
- Familiarity with malware triage, sandboxing, and reverse engineering concepts (nice to have).
- Experience with scripting for automation (Python, PowerShell, Bash).
- Participation in tabletop exercises or readiness assessments.
Careers with Optum. Here's the idea. We built an entire organization around one giant objective: make the health system work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work. SM
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
What We Do
Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future.
We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Optum has three workplace models that balance the needs of the business and the responsibilities of each role. These models, core on‑site (5 days/week), hybrid (4 days/week) and telecommute or fully remote, vary by country and may differ based on loc