DFIR Analyst Jobs (NOW HIRING)

You conduct DFIR assignments, including DFIR readiness assessments * You participate in the weekly ... analysis of extracted artifacts and professional post-incident report writing * A bachelor or ...

CSIRT Analyst

Anchorage, AK · On-site

$125K - $140K/yr

You conduct DFIR assignments, including DFIR readiness assessments * You participate in the weekly ... analysis of extracted artifacts and professional post-incident report writing * A bachelor or ...

CSIRT Analyst

Anchorage, AK · On-site

$125K - $140K/yr

You conduct DFIR assignments, including DFIR readiness assessments * You participate in the weekly ... analysis of extracted artifacts and professional post-incident report writing * A bachelor or ...

CSIRT Analyst

Buffalo, NY · On-site

$111K - $125K/yr

You conduct DFIR assignments, including DFIR readiness assessments * You participate in the weekly ... analysis of extracted artifacts and professional post-incident report writing * A bachelor or ...

$151K - $208K/yr

Perform forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry. * Utilize industry-standard DFIR tools and methodologies to support incident containment and recovery.

Director, DFIR (Remote)

Wilmington, DE · Remote

$185K - $200K/yr

... response (DFIR), and incident management. Your expertise displays your ability to manage ... Proficiency in conducting forensic analysis, threat assessments, and post incident reviews.

Responsibilities : • Perform forensic analysis using industry-standard forensic tools and open-source DFIR utilities. • Assist with forensic investigations involving endpoints, servers, malware ...

Security Analyst

San Francisco, CA · Remote

$1.7K - $2.1K/wk

Background in areas such as SOC analysis, incident response (DFIR), penetration testing, threat intelligence, or security architecture. * Strong analytical thinking and ability to translate security ...

DFIR Analyst information

Salary scale: $31K, $73.3K, $130K

How much do DFIR analyst jobs pay per year?

As of Jun 16, 2026, the average yearly pay for a DFIR analyst in the United States is $73,261.00, according to ZipRecruiter salary data. Most workers in this role earn between $52,500.00 and $87,000.00 per year, depending on experience, location, and employer.

What are some common challenges faced by DFIR Analysts during incident response investigations?

DFIR Analysts often encounter challenges such as analyzing large volumes of data under tight time constraints, ensuring evidence integrity during collection, and keeping up with rapidly evolving cyber threats. Working across multiple systems and platforms requires strong attention to detail and adaptability. Collaboration with IT, legal, and management teams is essential, and communicating complex technical findings in an understandable way can also be demanding. These challenges make the role dynamic and require continuous learning and effective teamwork.

What is a DFIR Analyst?

A DFIR Analyst, or Digital Forensics and Incident Response Analyst, is a cybersecurity professional who investigates and responds to security incidents, such as data breaches or cyberattacks. Their role involves collecting, analyzing, and preserving digital evidence, identifying the scope and impact of incidents, and recommending steps to mitigate future risks. DFIR Analysts utilize specialized tools and techniques to track cyber threats, recover compromised data, and support legal or regulatory actions as needed. They play a crucial role in helping organizations understand and recover from cybersecurity incidents.

What is the difference between DFIR Analyst vs Cybersecurity Analyst?

| Aspect | DFIR Analyst | Cybersecurity Analyst |
| --- | --- | --- |
| Required Certifications | GCFA, GCFE, EnCE | CISSP, Security+, CEH |
| Work Environment | Forensic labs, incident response teams | Security operations centers, threat analysis teams |
| Industry Usage | Legal, law enforcement, corporate incident response | IT security, risk management, threat detection |

While both roles focus on security and incident handling, DFIR Analysts specialize in digital forensics and evidence collection, often working in legal or law enforcement contexts. Cybersecurity Analysts focus on protecting systems proactively, monitoring threats, and preventing attacks. Both roles require certifications like Security+ or EnCE, but their daily tasks and environments differ significantly.

How much does a DFIR make in the US?

A Digital Forensics and Incident Response (DFIR) analyst in the US typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start around $60,000, while experienced professionals with certifications like GCFA or EnCE can earn over $130,000.

What is the role of a DFIR analyst?

A DFIR (Digital Forensics and Incident Response) analyst investigates cybersecurity incidents by collecting, analyzing, and preserving digital evidence to identify breaches and vulnerabilities. They use tools like forensic software and often work under pressure to support legal and organizational responses to cyber threats.

Will AI replace digital forensics?

A Digital Forensics and Incident Response (DFIR) analyst uses specialized tools and techniques to investigate cyber incidents and recover digital evidence. While AI can assist in automating data analysis and identifying patterns, it is unlikely to fully replace the analytical judgment and investigative skills required in digital forensics, which often involve complex, context-specific assessments. Human expertise remains essential for interpreting findings and making critical decisions in forensic investigations.

How much does a forensic cyber security analyst make?

A forensic cyber security analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like GCFA or EnCE can earn higher salaries, especially in high-demand environments.

What are the key skills and qualifications needed to thrive as a DFIR Analyst, and why are they important?

To thrive as a DFIR Analyst, you need a solid understanding of computer forensics, incident response procedures, and network security, typically supported by a degree in cybersecurity or computer science and certifications like GIAC or EnCE. Familiarity with forensic tools (e.g., EnCase, FTK, X-Ways), SIEM platforms, and malware analysis systems is crucial. Strong analytical thinking, attention to detail, and effective communication help you excel when investigating incidents and presenting findings. These skills are essential for accurately identifying, mitigating, and reporting cyber threats to protect organizational assets.

More about DFIR Analyst jobs

Infographic showing various DFIR Analyst job openings in the United States as of June 2026, with employment types broken down into 1% Locum Tenens, 94% Full Time, and 5% Part Time. Highlights an 81% Physical, 8% Hybrid, and 11% Remote job distribution, with an average salary of $73,261 per year, or $35.2 per hour.

CSIRT Analyst

Computer Task Group, Inc

Buffalo, NY • On-site

Full-time

Posted 10 days ago


Job description

Overview

Do you have a passion for Cyber Security, especially advanced Managed Detection & Response (MDR)? Does Incident Response, Digital Forensics, Threat Hunting, Threat Intelligence and everything related to Cyber Security feel like second nature to you? Are you a Cyber Defender at heart, driven to strengthen the blue team and help organizations that are under attack? If you answered yes to all of these questions, you might be the perfect fit for our CSIRT Analyst role!

  • You handle security alerts/incidents that have been escalated by the SOC Analysts (Tier 2)
  • You will handle security alerts and incidents together with your team
  • You conduct DFIR assignments, including DFIR readiness assessments
  • You participate in the weekly Threat Hunting duty to proactively chase threats through novel Tools, Techniques & Procedures (TTPs)
  • You will perform compromise assessments to identify potential compromises and their scope
  • You collect Threat Intelligence (IOCs and TTPs)
  • You will contribute to Detection Engineering in SIEM, xDR.
  • Together with the Red Team you will do Purple Teaming exercises to test and improve defenses
  • You contribute to the creation of playbooks in SOAR
  • You will co-write processes and procedures related to DFIR, Threat Intelligence, Threat Hunting.
  • You will be part of our Incident Response on call service.

What you need to succeed:

  • At least 3-5 years of experience in a similar position.
  • Significant hands-on experience in disk, memory and log acquisition in a forensically sound manner, parsing and deep forensic analysis of extracted artifacts and professional post-incident report writing
  • A bachelor's or master's degree or equivalent through experience.
  • A hands-on and proactive mindset with a 'can do' mentality.
  • Experience and/or interest in working with the following MDR tools: EDR (CrowdStrike Falcon, MS Defender for Endpoint, Sentinel One, ...), NDR (Vectra, Darktrace, ...), xDR (CrowdStrike Identity Protection, MS Defender for Office/Clouds Apps/Identity/...).
  • Knowledge of Security Monitoring with SIEM technologies.
  • A passion for the following security capabilities: Security Monitoring, Digital Forensics, Incident Response, Threat Intelligence, Threat Hunting.

About Computer Task Group

Sourced by ZipRecruiter

We know that achieving our mission begins and ends with our people—and by people we mean you. Regardless of individual roles or responsibilities, regardless of industry or subject matter expertise, our lives happen in relation to other people—our colleagues, clients, and partners. CTG cultivates a workplace that attracts and develops the best people. Being Great Place to Work-Certified™ not only supports our Vision but also validates the rewarding workplace culture that has made CTG a leading IT and digital solutions and services company for more than 55 years.

Company size

1,001 - 5,000 Employees

Headquarters location

Buffalo, NY, US

Year founded

1966
