1

Computer Forensics Analyst Jobs in Raleigh, NC (NOW HIRING)

... BS Engineering/Computer Science or equivalent experience required; advanced degree preferred ... Strong ability to monitor, triage, and investigate security events; apply structured analysis for ...

next page

Showing results 1-20

Computer Forensics Analyst information

See Raleigh, NC salary details

$63.2K

$98.8K

$151.6K

How much do computer forensics analyst jobs pay per year?

As of Jul 6, 2026, the average yearly pay for computer forensics analyst in Raleigh, NC is $98,827.00, according to ZipRecruiter salary data. Most workers in this role earn between $72,900.00 and $118,600.00 per year, depending on experience, location, and employer.

What do forensic computer analysts do?

Forensic computer analysts investigate digital devices to recover, analyze, and preserve electronic evidence for legal cases. They use specialized tools and techniques to examine data from computers, smartphones, and storage media, often working closely with law enforcement or legal teams to support investigations.

What does a Computer Forensics Analyst do?

A Computer Forensics Analyst is a cybersecurity professional who investigates digital devices and networks to uncover evidence of crimes or security breaches. They collect, analyze, and preserve data from computers, mobile devices, and other digital storage media, ensuring that the evidence remains admissible in court. These analysts often work with law enforcement agencies, legal teams, or private companies to identify how cybercrimes occurred and to help prevent future incidents.

What are the key skills and qualifications needed to thrive as a Computer Forensics Analyst, and why are they important?

To thrive as a Computer Forensics Analyst, you need a solid understanding of cybersecurity principles, computer systems, and digital evidence handling, often supported by a degree in computer science, cybersecurity, or a related field. Proficiency in forensic tools like EnCase, FTK, and familiarity with operating systems, as well as certifications such as GIAC Certified Forensic Analyst (GCFA) or Certified Computer Examiner (CCE), are typically required. Attention to detail, analytical thinking, and strong written communication skills help analysts effectively investigate incidents and present findings. These competencies are crucial for accurately uncovering digital evidence, supporting legal processes, and maintaining the integrity of investigations.

How much do computer forensic analysts make?

Computer forensic analysts typically earn a median annual salary of around $70,000 to $100,000, depending on experience, education, and location. Entry-level positions may start lower, while those with specialized skills or certifications can earn higher salaries, especially in government or private sectors with complex investigations.

What are some common challenges faced by Computer Forensics Analysts during investigations?

Computer Forensics Analysts often encounter challenges such as dealing with encrypted or deleted data, rapidly evolving technology, and maintaining the integrity of digital evidence. They must also ensure that their investigative methods comply with legal and regulatory standards to ensure evidence is admissible in court. Additionally, analysts frequently work under tight deadlines and may need to collaborate closely with law enforcement, legal teams, and IT departments to piece together complex digital trails.

How do you become a computer forensic analyst?

To become a computer forensic analyst, individuals typically need a bachelor's degree in computer science, cybersecurity, or a related field. Gaining experience with digital forensics tools and techniques, obtaining certifications such as Certified Computer Forensics Examiner (CCFE) or EnCase Certified Examiner (EnCE), and developing strong analytical and technical skills are also important steps in entering the profession.

What Does a Computer Forensics Analyst Do?

As a computer forensics analyst, your duties focus on investigating electronic data and digital devices for law enforcement purposes. Your responsibilities include obtaining, accessing, and analyzing data from hard drives, emails, smartphones, and tablets. In this career, you may investigate cyber crimes (which take place on the internet) or gather digital evidence for other types of criminal investigations. In addition to collecting information, you retrieve data that someone destroyed, deleted, or obscured to hide evidence of a crime. Computer forensic analysts work for law enforcement agencies, private contractors, lawyers, or corporations. Some computer experts work on a freelance basis.

Will AI take over digital forensics?

Computer Forensics Analysts use specialized tools and techniques to investigate digital evidence, and AI can assist by automating data analysis and pattern recognition. However, human expertise remains essential for interpreting complex cases, making decisions, and ensuring legal compliance in digital investigations.

What is the difference between Computer Forensics Analyst vs Digital Forensics Specialist?

AspectComputer Forensics AnalystDigital Forensics Specialist
CertificationsEnCE, GCFAEnCE, GCFA
Work EnvironmentLaw enforcement, corporate security, consulting firmsLaw enforcement, government agencies, private sector
Industry UsageCommonly used in investigations and legal casesUsed in incident response and cybersecurity investigations

Both roles involve analyzing digital evidence, often requiring similar certifications like EnCE and GCFA. The main difference lies in their focus: Computer Forensics Analysts typically work on legal cases and investigations, while Digital Forensics Specialists often focus on incident response and cybersecurity threats. Both roles are vital in digital security and forensics fields, with overlapping skills and work environments.

What are the most commonly searched types of Computer Forensics Analyst jobs in Raleigh, NC? The most popular types of Computer Forensics Analyst jobs in Raleigh, NC are:
What are popular job titles related to Computer Forensics Analyst jobs in Raleigh, NC? For Computer Forensics Analyst jobs in Raleigh, NC, the most frequently searched job titles are:
What job categories do people searching Computer Forensics Analyst jobs in Raleigh, NC look for? The top searched job categories for Computer Forensics Analyst jobs in Raleigh, NC are:
What cities near Raleigh, NC are hiring for Computer Forensics Analyst jobs? Cities near Raleigh, NC with the most Computer Forensics Analyst job openings:
Infographic showing various Computer Forensics Analyst job openings in Raleigh, NC as of June 2026, with employment types broken down into 95% Full Time, 3% Part Time, 1% Temporary, and 1% Contract. Highlights an 98% Physical, 1% Hybrid, and 1% Remote job distribution, with an average salary of $98,827 per year, or $47.5 per hour.
Consulting/Principal Security Engineer

Consulting/Principal Security Engineer

LexisNexis

Raleigh, NC • Hybrid

Full-time

Posted 29 days ago


LexisNexis rating

7.6

Company rating: 7.6 out of 10

Based on 17 frontline employees who took The Breakroom Quiz

111th of 437 rated business services


Job description

Principal Incident Response Lead

Job Profile Summary

The Principal Incident Response Lead position provides strategic and tactical leadership for enterprise incident response across a complex hybrid environment. This role serves as the senior incident commander and technical authority for high-severity security events, providing executive-ready decision support based on evolving threats, attack techniques, and advances in technology. The position supports the Information Security department's goals and objectives by leading escalations, guiding containment and recovery actions, and driving measurable improvements to response readiness and detection effectiveness. This role requires deep expertise in leading complex incident response efforts across hybrid environments and advancing cloud-native detection and monitoring capabilities, particularly within AWS. The role also owns the incident response program's readiness lifecycle-including tabletops, cyber range exercises, and after-action governance-to ensure continuous improvement and operational resilience.

Job Description

BASIC FUNCTIONS: This position will provide strategic and tactical incident response leadership, providing management with insight and input into overall security operations decisions based on advances in technology and the evolving threat landscape. The position supports the Information Security department's goals and objectives by leading escalations and coordinating response activities across multiple technical teams, ensuring consistent execution of triage, containment, eradication, and recovery. This position serves as the senior incident commander, establishes and maintains incident response readiness (playbooks, communications patterns, exercises), and drives detection and response improvements through lessons learned and measurable program outcomes.

QUALIFICATIONS:

10+ years of IT security experience, including significant incident response leadership in enterprise environments

BS Engineering/Computer Science or equivalent experience required; advanced degree preferred

Preferred: incident handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent) and cloud security certification(s) (AWS/Azure/GCP)

TECHNICAL SKILLS:

Advanced knowledge of modern security operations environments, including hybrid enterprise architectures and common attack paths.

Demonstrated experience leading incident response activities across complex hybrid environments, including on-premises infrastructure and multi-cloud platforms (AWS, Azure, GCP).

Strong hands-on experience engineering detections, telemetry, and monitoring solutions within AWS (e.g., CloudTrail, GuardDuty, VPC Flow Logs, and related services).

Expertise in incident command practices: severity assessment, stakeholder coordination, containment strategies, evidence handling, eradication and recovery planning, and post-incident review.

Strong ability to monitor, triage, and investigate security events; apply structured analysis for anomalous activity and adversary behaviors.

Experience with enterprise logging and telemetry pipelines, log onboarding strategies, and data quality expectations (coverage, fidelity, retention).

Experience improving detection quality and signal-to-noise (e.g., tuning, suppression, enrichment, validation, and feedback loops).

Working knowledge of identity and access security concepts (SSO/MFA, privileged access, conditional access) and identity-driven attack patterns and detections.

Understanding of compliance and governance initiatives and the ability to translate requirements into operational controls, procedures, and evidence.

Vulnerability and exposure understanding sufficient to prioritize response actions (active exploitation, blast radius, compensating controls) and guide remediation.

Familiarity with automation/SOAR concepts and scripting for investigation and response workflows (e.g., Python/PowerShell or equivalent).

Ability to develop and implement incident response programs with measurable outcomes (response readiness, containment speed, detection coverage, exercise cadence).

Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, including prioritizing work during incident conditions.

Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating resources necessary to troubleshoot/diagnose complex issues; success translating findings into options/solutions; identifying risks/impacts and schedule adjustments to facilitate management decision-making.

Advanced communication (verbal and written) and customer service skills, including the ability to brief senior/executive leadership with clear, concise, decision-oriented updates.

ACCOUNTABILITIES:

Serve as the senior incident commander and technical lead for high-severity incidents; drive structured triage, containment, eradication, and recovery across the enterprise.

Lead and coordinate incident response efforts for high-severity events spanning hybrid and multi-cloud environments (on-prem, AWS, Azure, GCP), ensuring effective containment, eradication, and recovery.

Own and continuously improve the incident response program: playbooks/runbooks, severity definitions, escalation paths, on-call expectations, evidence handling standards, and crisis communications patterns.

Plan, run, and mature readiness activities including tabletop exercises and cyber range events; define objectives, measure outcomes, and ensure follow-through on remediation actions.

Own after-action governance: facilitate post-incident reviews, establish root cause and contributing-factor analysis, drive corrective action plans, and track closure to completion (closed-loop improvement).

Lead analysis and review of security events for anomalous activity; collaborate with peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.

Drive improvements to detection, investigation, and response processes through lessons learned, measurable corrective actions, and operational performance metrics.

Drive the design, implementation, and continuous improvement of detection engineering and monitoring capabilities within AWS environments.

Partner with infrastructure, cloud, endpoint, identity, and application teams to ensure response-ready logging, telemetry, and access to required investigative data sources.

Provide guidance for threat-informed mitigation and hardening activities resulting from incidents (e.g., containment controls, identity protections, logging improvements, segmentation, credential hygiene).

Communicate incident status, impact, and risk in executive-ready written and verbal updates; produce high-quality incident summaries and post-incident reports.

Support compliance and governance efforts by operationalizing response procedures, documenting evidence, and ensuring repeatable execution aligned to policy and regulatory expectations.

Assist with reviewing tools, applications, and processes to strengthen and optimize current incident response and detection capabilities, identify gaps, and recommend practical solutions to enhance effectiveness.

Assess and measure incident response program effectiveness to ensure closed-loop operations (e.g., readiness/exercise cadence, time-to-contain, repeat incident reduction, detection coverage and quality).

All other duties as assigned.

U.S. National Base Pay Range: $104,900 - $174,700. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus.

We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Formor please contact 1-855-833-5120.

Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.

Please read our Candidate Privacy Policy.

We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.

USA Job Seekers:

EEO Know Your Rights.


What LexisNexis employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom