Senior Cybersecurity – Digital Forensic Investigator

Job Description:

Role – Senior Cybersecurity –  Digital Forensic InvestigatorAbout the Company:Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future-you'll create it.About the Job:The Senior Cybersecurity Digital Forensic Investigator plays a critical role in supporting and conducting security investigations escalated to the Cyber Operations DFIR (Digital Forensics and Incident Response) team. This analyst independently manages investigations of varying complexity and collaborates closely with lead investigators on advanced cases. Responsibilities include analyzing digital evidence, documenting technical findings, and preparing comprehensive reports detailing the nature and scope of malicious activity.The role also involves communicating investigative outcomes clearly to forensic leads and stakeholders, maintaining evidence integrity, and producing accurate technical documentation with potential legal or compliance implications. The ideal candidate demonstrates strong analytical skills, attention to detail, and the ability to operate effectively in high pressure environments while contributing to continuous improvement of forensic processes.The Senior Cybersecurity Digital Forensic Investigator plays a key role in conducting and supporting digital forensic investigations escalated from Incident Response and Threat Analytics teams. This role involves leading and supporting investigations, analyzing digital evidence, and contributing to the continuous improvement of forensic capabilities across the organization.The individual in this role will have demonstrated ability to:

• Serve as an on-call Digital Forensics Investigator for escalated cases.
• Lead investigations of all levels under the supervision of a Principal Investigator.
• Collaborate with multidisciplinary teams, providing forensic analysis and support.
• Manage low to medium complexity cases and delegate tasks to other investigators as needed.
• Participate in an on-call rotation to support time-sensitive investigations.

The individual in this role will perform analysis of complex security issues and corresponding activities to help mitigate risk. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats, and enhancing our mitigation techniques, processes, and technology solutions.Experience Level: 8+ yearsLocation: HyderabadRoles and Responsibilities:

• Utilize forensic and security tools (e.g., EnCase, FTK, Magnet AXIOM, X-Ways, Volatility, Cellebrite, EDR platforms) to collect, process, and analyze digital evidence.
• Conduct root cause analysis to determine the scope, impact, and execution of cybersecurity incidents.
• Identify attack vectors, compromised assets, threat actor intent, and attribution using forensic methodologies.
• Preserve digital evidence in accordance with legal and forensic standards, maintaining chain of custody.
• Reconstruct timelines and events using forensic artifacts and log data.
• Assess whether incidents meet criteria for legal prosecution or regulatory reporting.
• Draft and review forensic reports for both technical and non-technical audiences.
• Document indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) for threat intelligence sharing.
• Support forensic environments across on-premises and cloud infrastructure (AWS, Azure).
• Contribute to the development and refinement of forensic techniques, tools, and processes.
• Perform log analysis from diverse sources (e.g., system logs, firewall logs, cloud audit logs).
• Analyze malware behavior, host/network compromise techniques, and cloud security events.
• Apply knowledge of web application and API security, exploits, vulnerabilities, and attack vectors.
• Use SIEM tools like Splunk and EDR platforms (e.g., SentinelOne, Microsoft Defender) for investigation and analysis.
• Leverage scripting languages (e.g., Python, PowerShell, Bash) for automation and forensic tasks.

Primary / Mandatory skills:

• Overall – 8+ years of hands-on experience in Digital Forensics, Incident Response, or related cybersecurity functions.
• Proven track record of conducting forensic investigations across on-premises, cloud, and hybrid environments.
• Strong understanding of digital forensics best practices, including evidence handling and legal considerations.
• Expertise in:
  • Dead Box Forensics
  • Live Forensics
  • Memory Forensics
  • Cloud Forensics
• Strong working knowledge of Windows, macOS, and Linux/*nix operating systems and network elements.
• Familiarity with general computing protocols, internet communication methods, and networking fundamentals.
• Ability to mentor others in at least one or two forensic methodologies or technical domains
• Strong analytical and problem-solving skills with the ability to identify patterns and trends in data and make data-driven decisions.
• Excellent communication skills, both written and verbal, with the ability to convey complex information in a clear and concise manner, including:
  • Report writing
  • Critical thinking
  • Presentation skills (in-person and virtual)
  • Business communication tailored to technical and non-technical audiences
• Professional integrity and discretion when handling sensitive information.
• Commitment to continuous learning and staying current with emerging threats and forensic technologies.
• Ability to work both independently and as part of a team in a fast-paced, dynamic environment.
• Sense of urgency and attention to detail.
• Should be flexible to work on weekends.
• Should be flexible to provide coverage in US morning hours.

Desirable skills:

• Industry certifications such as SANS GCFA, SANS GCFE and/or other relevant certifications
• Bachelor's degree in computer science, cybersecurity, information technology, or a related field. Master's degree preferred.
• Quick learner with the ability to absorb and mentor others on new technologies and concepts.
• Effective collaboration skills, especially in remote or distributed team environments.

Additional information (if any): 

• Should be flexible to work on weekends.
• Should be flexible to provide coverage in US morning hours.
• Location: Hyderabad

Certification: SANS GCFA, SANS GCFE, and/or other relevant certifications.

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.

---