Trillium Information Security Systems (TISS) | Full time DFIR Analyst
Karachi, Pakistan | Posted on 10/14/2025
Founded in 2005, Trillium Information Security Systems (TISS) is Pakistan’s first and largest cybersecurity company. Today, Trillium has gained unrivaled expertise and experience, having delivered complex information assurance solutions to customers, performed specialized information security services, trained thousands of cyber security professionals across the country, and established a comprehensive network of resellers.
Job Description
We are looking for a Digital Forensics and Incident Response (DFIR) Analyst to join our Security Consultancy and Forensic team. The DFIR Analyst will be responsible for conducting compromise assessments, incident response investigations, and forensic analysis across Windows and Linux environments. The ideal candidate will have hands-on experience with open-source and industry-standard DFIR tools, a strong understanding of operating system internals, and the ability to deliver detailed forensic and incident reports.
Key Responsibilities
Perform compromise assessments to detect potential intrusions, persistence mechanisms, lateral movement, and data exfiltration activities.
Conduct digital forensic investigations on Windows and Linux systems.
Collect, preserve, and analyze digital evidence in a forensically sound manner.
Analyze key Windows and Linux forensic artifacts, such as Prefetch, Amcache, Shimcache, Event Logs, Registry, Bash history, Syslog, and authentication logs.
Correlate forensic findings with MITRE ATT&CK techniques to identify threat actor behavior and TTPs.
Integrate findings with Threat Intelligence platforms to enrich context and identify IOCs (Indicators of Compromise).
Respond to live incidents, including ransomware and data breaches.
Prepare comprehensive forensic and incident response reports with technical findings, impact analysis, and remediation recommendations.
Collaborate with SOC, Threat Hunting, and IT teams to contain, eradicate, and recover from security incidents.
Contribute to the continuous improvement of DFIR processes, toolsets, and playbooks.
Requirements
Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or related field (or equivalent experience)
1–2 years of hands-on experience in digital forensics and/or incident response.
Strong understanding of:
Windows and Linux OS internals and artifacts
Network protocols, attack vectors, and adversary techniques
File systems (NTFS, EXT4) and memory
Experience using and interpreting outputs from tools such as:
Velociraptor, KAPE, EZ Tools (Eric Zimmerman), UAC, Log Analysis Tools, Volatility, etc.
Familiarity with threat intelligence, IOCs, and MITRE ATT&CK mapping.
Strong analytical and problem-solving skills with attention to detail.
Excellent written communication skills - ability to produce clear, technical investigation reports for both technical and non-technical audiences.
Ability to work under pressure and manage multiple cases in parallel.
Nice-to-Have
Certifications such as CC, Security+, Network+, etc.
Experience with cloud forensics (AWS, Azure, GCP).
Familiarity with SIEM tools (Splunk, ELK, IBM QRadar) and endpoint telemetry.
Knowledge of PowerShell or Python scripting for automation.
Experience documenting and presenting case findings to clients or executive teams.