... BS Engineering/Computer Science or equivalent experience required; advanced degree preferred ... Strong ability to monitor, triage, and investigate security events; apply structured analysis for ...
... BS Engineering/Computer Science or equivalent experience required; advanced degree preferred ... Strong ability to monitor, triage, and investigate security events; apply structured analysis for ...
... BS Engineering/Computer Science or equivalent experience required; advanced degree preferred ... Strong ability to monitor, triage, and investigate security events; apply structured analysis for ...
... BS Engineering/Computer Science or equivalent experience required; advanced degree preferred ... Strong ability to monitor, triage, and investigate security events; apply structured analysis for ...
... Computer Science or equivalent experience required; advanced degree preferred • Preferred ... handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security ...
... Computer Science or equivalent experience required; advanced degree preferred • Preferred ... handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security ...
... Computer Science or equivalent experience required; advanced degree preferred • Preferred ... handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security ...
... Computer Science or equivalent experience required; advanced degree preferred • Preferred ... handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security ...
Medical Science Photographer
Wake Forest, NC · On-site
$28.55 - $42.85/hr
Prior Forensic photography experience and Adobe Photoshop experience preferred. Pay Range: $28.55 ... photograph, analyzing the subject material and selecting the angle, lighting, and background to ...
Medical Science Photographer
Wake Forest, NC · On-site
$28.55 - $42.85/hr
Prior Forensic photography experience and Adobe Photoshop experience preferred. Pay Range: $28.55 ... photograph, analyzing the subject material and selecting the angle, lighting, and background to ...
Computer Forensics Analyst information
See Raleigh, NC salary details
$63.2K - $71.2K
9% of jobs
$74.6K is the 25th percentile. Wages below this are outliers.
$71.2K - $79.3K
38% of jobs
The median wage is $84.1K / yr.
$79.3K - $87.3K
5% of jobs
$87.3K - $95.3K
1% of jobs
$95.3K - $103.4K
0% of jobs
$103.4K - $111.4K
11% of jobs
$116.8K is the 75th percentile. Wages above this are outliers.
$111.4K - $119.5K
16% of jobs
$119.5K - $127.5K
3% of jobs
$127.5K - $135.6K
13% of jobs
$135.6K - $143.6K
2% of jobs
$143.6K - $151.6K
2% of jobs
$63.2K
$98.8K
$151.6K
How much do computer forensics analyst jobs pay per year?
What do forensic computer analysts do?
What does a Computer Forensics Analyst do?
What are the key skills and qualifications needed to thrive as a Computer Forensics Analyst, and why are they important?
How much do computer forensic analysts make?
What are some common challenges faced by Computer Forensics Analysts during investigations?
How do you become a computer forensic analyst?
What Does a Computer Forensics Analyst Do?
As a computer forensics analyst, your duties focus on investigating electronic data and digital devices for law enforcement purposes. Your responsibilities include obtaining, accessing, and analyzing data from hard drives, emails, smartphones, and tablets. In this career, you may investigate cyber crimes (which take place on the internet) or gather digital evidence for other types of criminal investigations. In addition to collecting information, you retrieve data that someone destroyed, deleted, or obscured to hide evidence of a crime. Computer forensic analysts work for law enforcement agencies, private contractors, lawyers, or corporations. Some computer experts work on a freelance basis.
Will AI take over digital forensics?
What is the difference between Computer Forensics Analyst vs Digital Forensics Specialist?
| Aspect | Computer Forensics Analyst | Digital Forensics Specialist |
|---|---|---|
| Certifications | EnCE, GCFA | EnCE, GCFA |
| Work Environment | Law enforcement, corporate security, consulting firms | Law enforcement, government agencies, private sector |
| Industry Usage | Commonly used in investigations and legal cases | Used in incident response and cybersecurity investigations |
Both roles involve analyzing digital evidence, often requiring similar certifications like EnCE and GCFA. The main difference lies in their focus: Computer Forensics Analysts typically work on legal cases and investigations, while Digital Forensics Specialists often focus on incident response and cybersecurity threats. Both roles are vital in digital security and forensics fields, with overlapping skills and work environments.

LexisNexis rating
7.6
Based on 17 frontline employees who took The Breakroom Quiz
111th of 437 rated business services
Job description
Principal Incident Response Lead
Job Profile Summary
The Principal Incident Response Lead position provides strategic and tactical leadership for enterprise incident response across a complex hybrid environment. This role serves as the senior incident commander and technical authority for high-severity security events, providing executive-ready decision support based on evolving threats, attack techniques, and advances in technology. The position supports the Information Security department's goals and objectives by leading escalations, guiding containment and recovery actions, and driving measurable improvements to response readiness and detection effectiveness. This role requires deep expertise in leading complex incident response efforts across hybrid environments and advancing cloud-native detection and monitoring capabilities, particularly within AWS. The role also owns the incident response program's readiness lifecycle-including tabletops, cyber range exercises, and after-action governance-to ensure continuous improvement and operational resilience.
Job Description
BASIC FUNCTIONS: This position will provide strategic and tactical incident response leadership, providing management with insight and input into overall security operations decisions based on advances in technology and the evolving threat landscape. The position supports the Information Security department's goals and objectives by leading escalations and coordinating response activities across multiple technical teams, ensuring consistent execution of triage, containment, eradication, and recovery. This position serves as the senior incident commander, establishes and maintains incident response readiness (playbooks, communications patterns, exercises), and drives detection and response improvements through lessons learned and measurable program outcomes.
QUALIFICATIONS:
10+ years of IT security experience, including significant incident response leadership in enterprise environments
BS Engineering/Computer Science or equivalent experience required; advanced degree preferred
Preferred: incident handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security certification(s) (AWS/Azure/GCP)
TECHNICAL SKILLS:
Advanced knowledge of modern security operations environments, including hybrid enterprise architectures and common attack paths.
Demonstrated experience leading incident response activities across complex hybrid environments, including on-premises infrastructure and multi-cloud platforms (AWS, Azure, GCP).
Strong hands-on experience engineering detections, telemetry, and monitoring solutions within AWS (e.g., CloudTrail, GuardDuty, VPC Flow Logs, and related services).
Expertise in incident command practices: severity assessment, stakeholder coordination, containment strategies, evidence handling, eradication and recovery planning, and post-incident review.
Strong ability to monitor, triage, and investigate security events; apply structured analysis for anomalous activity and adversary behaviors.
Experience with enterprise logging and telemetry pipelines, log onboarding strategies, and data quality expectations (coverage, fidelity, retention).
Experience improving detection quality and signal-to-noise (e.g., tuning, suppression, enrichment, validation, and feedback loops).
Working knowledge of identity and access security concepts (SSO/MFA, privileged access, conditional access) and identity-driven attack patterns and detections.
Understanding of compliance and governance initiatives and the ability to translate requirements into operational controls, procedures, and evidence.
Vulnerability and exposure understanding sufficient to prioritize response actions (active exploitation, blast radius, compensating controls) and guide remediation.
Familiarity with automation/SOAR concepts and scripting for investigation and response workflows (e.g., Python/PowerShell or equivalent).
Ability to develop and implement incident response programs with measurable outcomes (response readiness, containment speed, detection coverage, exercise cadence).
Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, including prioritizing work during incident conditions.
Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating resources necessary to troubleshoot/diagnose complex issues; success translating findings into options/solutions; identifying risks/impacts and schedule adjustments to facilitate management decision-making.
Advanced communication (verbal and written) and customer service skills, including the ability to brief senior/executive leadership with clear, concise, decision-oriented updates.
ACCOUNTABILITIES:
Serve as the senior incident commander and technical lead for high-severity incidents; drive structured triage, containment, eradication, and recovery across the enterprise.
Lead and coordinate incident response efforts for high-severity events spanning hybrid and multi-cloud environments (on-prem, AWS, Azure, GCP), ensuring effective containment, eradication, and recovery.
Own and continuously improve the incident response program: playbooks/runbooks, severity definitions, escalation paths, on-call expectations, evidence handling standards, and crisis communications patterns.
Plan, run, and mature readiness activities including tabletop exercises and cyber range events; define objectives, measure outcomes, and ensure follow-through on remediation actions.
Own after-action governance: facilitate post-incident reviews, establish root cause and contributing-factor analysis, drive corrective action plans, and track closure to completion (closed-loop improvement).
Lead analysis and review of security events for anomalous activity; collaborate with peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
Drive improvements to detection, investigation, and response processes through lessons learned, measurable corrective actions, and operational performance metrics.
Drive the design, implementation, and continuous improvement of detection engineering and monitoring capabilities within AWS environments.
Partner with infrastructure, cloud, endpoint, identity, and application teams to ensure response-ready logging, telemetry, and access to required investigative data sources.
Provide guidance for threat-informed mitigation and hardening activities resulting from incidents (e.g., containment controls, identity protections, logging improvements, segmentation, credential hygiene).
Communicate incident status, impact, and risk in executive-ready written and verbal updates; produce high-quality incident summaries and post-incident reports.
Support compliance and governance efforts by operationalizing response procedures, documenting evidence, and ensuring repeatable execution aligned to policy and regulatory expectations.
Assist with reviewing tools, applications, and processes to strengthen and optimize current incident response and detection capabilities, identify gaps, and recommend practical solutions to enhance effectiveness.
Assess and measure incident response program effectiveness to ensure closed-loop operations (e.g., readiness/exercise cadence, time-to-contain, repeat incident reduction, detection coverage and quality).
All other duties as assigned.
U.S. National Base Pay Range: $104,900 - $174,700. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus.We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Formor please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights.
What LexisNexis employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom