Senior Forensic Analyst

About the Role\n\nThe Forensics Analyst will play a key role in conducting and supporting digital forensic investigations, cloud and memory analysis, and incident response activities as part of ongoing cybersecurity research, national security initiatives, and critical infrastructure protection projects under C3iHub, IIT Kanpur.\n\nThe position involves both hands-on forensic analysis and research contributions toward developing frameworks, methodologies, and tools for advanced forensic investigation and cyber threat attribution across on-premises, cloud, and hybrid environments.\n\nResponsibilities\n\nConduct end-to-end digital and cloud forensic investigations for incidents involving system compromise, data breaches, or insider threats.\nPerform disk, memory, mobile, and cloud forensics using industry-standard tools and open-source frameworks.\nAcquire and preserve digital evidence from on-premises and cloud environments (AWS, Azure, GCP) following proper chain-of-custody procedures.\nAnalyze logs, virtual machines, and storage data from cloud platforms to identify malicious activity and misconfigurations.\nSupport incident response operations by providing forensic insights, identifying attack vectors, and validating indicators of compromise (IOCs).\nConduct malware and payload analysis, identifying persistence mechanisms, encryption routines, and command-and-control (C2) patterns.\nWork on research-driven forensic projects, including tool development, forensic automation scripts, and forensic readiness frameworks for IT, OT, and cloud environments.\nCollaborate with law enforcement agencies, CERTs, and defense partners for forensic data sharing and technical validation.\nGenerate comprehensive forensic and technical reports for internal and external stakeholders.\nMaintain and enhance the forensics lab environment at C3iHub, ensuring up-to-date toolsets for disk, memory, and cloud forensic analysis.\nContribute to training programs, workshops, and publications in the field of digital, memory, and cloud forensics.\n\nEligibility\n\nBachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or Digital Forensics.\n5–8 years of hands-on experience in digital forensics, incident response, or malware analysis.\nStrong command of forensic tools such as Autopsy, FTK, EnCase, Magnet AXIOM, Volatility, Cellebrite, X-Ways, or Sleuth Kit.\nExperience with cloud forensic tools and techniques for AWS, Azure, or GCP environments.\nSound understanding of Windows, Linux, and Android forensics, including file systems and registry artifacts.\nExperience with memory forensics, log correlation, and timeline reconstruction.\nFamiliarity with SIEM platforms such as Splunk, ELK, and Chronicle, along with threat hunting methodologies.\nUnderstanding of chain of custody, evidence handling, and cyber law principles.\nExcellent analytical thinking, documentation, and report writing skills.\nAbility to work collaboratively in a multi-disciplinary research environment and under time-sensitive investigation scenarios.\n\nDesired Eligibility\n\nExposure to malware reverse engineering and network packet forensics using tools such as Wireshark, Zeek, and Suricata.\nHands-on experience with cloud forensic frameworks and tools such as AWS CloudTrail, Azure Sentinel, and Google Cloud Audit Logs.\nScripting or automation experience in Python, PowerShell, or Bash.\nKnowledge of ICS/SCADA forensics and hybrid environment investigations.\nPrior experience working in cyber research projects, SOCs, or government-sponsored cybersecurity programs.\n\nTravel\n\nTravel may be required across the country for project execution, monitoring, and coordination with geographically distributed teams, as and when required.\n\nCommunication\n\nSubmit a cover letter summarising your experience in relevant technologies and software, along with your resume and latest passport-size photograph.