SUMMARY
The Digital Forensics Lab Associate Lead is a hands-on technical role responsible for maintaining and operating Arete’s digital forensics lab and supporting forensic analysis across active investigations. This role manages lab systems, evidence handling, and data processing workflows while performing forensic collections, imaging, and analysis on digital media.
The Associate Lab Lead acts as the primary point of contact for lab operations, maintaining uptime, reliability, and consistency of forensic processes. They collaborate closely with DFIR analysts, legal, and IT teams to streamline data collection, improve turnaround time, and uphold defensible evidence handling and documentation standards.
ROLES & RESPONSIBILITIES
- Perform forensic imaging, acquisition, and data processing for endpoints, servers, mobile devices, and cloud sources.
- Maintain and operation all lab infrastructure including forensic workstations, storage, and collection platforms
- Manage intake, tracking, and chain of custody for all evidence (digital and physical).
- Coordinate and execute shipping, receiving, and inventory of data and equipment.
- Develop and document repeatable workflows for evidence handling imaging, ingestion, and analysis.
- Support active investigations by preparing, decrypting, or converting data sets for analysis.
- Conduct forensic analysis on collected data to identify artifacts, reconstruct timelines, and support investigation findings.
- Prepare concise technical summaries and reports detailing observed activity, indicators, and findings relevant to ransomware, BEC, and other intrusion/investigation types.
- Serve as the point of contact for technical troubleshooting related to lab systems and forensic tools.
- Monitor performance and health system of lab platforms. Work with Operations IT to identify and resolve bottlenecks.
- Build and maintain forensic imaging templates and SOPs.
- Generate technical and summary-level reports on lab operations, SLA performance, and evidence activity.
- Partner with Operations leadership to identify automation opportunities, improve throughput, and reduce manual effort.
- Maintain compliance with data protection and privacy laws related to evidence and retention.
- Support legal requests by managing and producing data under appropriate authorization.
- Stay current on forensic tools, methodologies, and storage technologies through ongoing training.
- Performs other duties as assigned by management.
SKILLS AND KNOWLEDGE
- Strong technical foundation in digital forensics and evidence handling.
- Proficiency with tools such as FTK Imager, Cellebrite (Physical Analyzer/Digital Collector), Magnet Axiom, Atola, and related forensic utilities.
- Experience with forensic imaging, data recovery, and analysis of Windows, macOS, and mobile devices.
- Familiarity with cloud acquisition workflows and virtual environments (VMware, VirtualBox).
- Deep understanding of chain of custody, evidence preservation, and documentation standards.
- Competence with encryption, decryption, and data transfer tools (Bitlocker, VeraCrypt, APFS encrypted volumes).
- Strong troubleshooting skills in both hardware and software forensic environments.
- Excellent organizational and communication skills; ability to collaborate cross functionally.
- Self-motivated and comfortable managing technical workloads independently.
JOB REQUIREMENTS
- Bachelor’s degree in Computer Science, Cybersecurity, Digital Forensics, or related field.
- 6-15 years of experience in digital forensics, incident response, or forensic lab operations.
- Relevant certifications preferred (e.g., GCFE, EnCE, CFCE, CHFI, Cellebrite CCME).
- due to the nature of the work.
- Flexibility to provide occasional weekend and after-hours support for time-sensitive evidence handling or analysis.
- Full-time onsite presence (Monday through Friday) at Arete Headquarters.
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
- No physical exertion required
- Travel within or outside of the state
- Light work: Exerting up to 50 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY
Job is exempt from the overtime provisions of the Fair Labor Standards Act.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.