Director of Forensics and eDiscovery
Listed on 2026-02-28
IT/Tech
Cybersecurity, Data Security
Job Function: Technology Enterprise Strategy & Security
Job Sub Function: Security & Controls
Job Category: People Leader
All Job Posting Locations: Raritan, New Jersey, United States of America
Job Description
We are seeking a dynamic and experienced Director of Forensics and eDiscovery to lead a combined team that delivers defensible electronic discovery collection services and forensic data collection and analysis in support of legal matters, A&D projects, employment matters, insider-risk investigations, and cybersecurity events. This role is responsible for operational delivery, technical strategy, team mentorship, process governance, and stakeholder engagement with Legal, Global Security, HR, and business units to ensure timely, compliant, and cost-effective handling of electronically stored information (ESI) and forensic evidence.
Major Responsibilities
- Leadership and Strategy: Lead a team of analysts in performing targeted and broad forensic data collections and advanced forensic analysis (file system, memory, endpoint, mobile, cloud) for litigation, employment investigations, insider-risk inquiries, cybersecurity incidents and preparation of defensible forensic deliverables.
- Stakeholder Communication: Collaborate closely with Legal, Privacy, Cybersecurity, HR, and business stakeholders to scope matters, prioritize work, and deliver findings in support of decision-making.
- Digital Forensics: Conduct technical forensic analysis and deep dive root cause analysis of electronic devices and artifacts.
- Team Development: Mentor and develop team members, fostering a culture of innovation and continuous improvement.
- Tool Evaluation and Selection: Define and continually improve collection and analysis processes and playbooks to ensure defensibility, reproducibility, and chain-of-custody integrity. Oversee technical toolset selection, deployment, and optimization (forensic and eDiscovery platforms, collection utilities, imaging tools, cloud connectors).
- Risk Management: Identify potential risks and vulnerabilities in systems and processes and coordinate mitigation of them.
- Metrics: Establish key performance indicators (KPIs) to measure the effectiveness of forensic and eDiscovery services and initiatives.
- A bachelor's degree is required.
- 12 years of relevant technical experience.
- Deep understanding of digital evidence principles (preservation, chain of custody, admissibility, and defensibility).
- File systems and storage concepts (NTFS, FAT, exFAT, Ext variants, APFS, VHD/VMDK, RAID arrays).
- Operating systems internals (Windows, macOS, Linux, and mobile OS architectures (iOS, Android)).
- Cloud-based collections and forensic analysis (Microsoft 365, AWS, Azure, other cloud-based business applications).
- Memory forensics and volatility concepts (live response, RAM acquisition, analysis).
- Common artifact locations and timelines (logs, registry, browser/data stores, email, cloud metadata).
- Scripting and automation: Python, PowerShell, Bash for custom parsers, triage, and repeatable workflows.
- Strong knowledge of eDiscovery lifecycle, ESI preservation, chain-of-custody, and defensible collection methodologies.
- Privacy, data protection, and relevant regulations (e.g., GDPR, HIPAA) as they affect evidence handling.
- Demonstrated experience supporting litigation, regulatory matters, employment investigations, or insider-risk cases.
- Excellent writing and communication skills with ability to explain technical findings to legal and business audiences.
- Familiarity with Artificial Intelligence and ML‑based forensic analysis and automation tools.
- A minimum of 12 years of digital forensic experience.
- A minimum of 6 years leading and managing digital forensic or related teams including junior, senior, and manager level skillsets.
- Lead and mentor: coach technical staff, develop career paths, and build bench strength through structured development plans.
- Build high-performing teams: recruit, onboard, retain, and scale teams while fostering psychological safety and accountability.
- Make decisions under pressure: prioritize investigations and resource allocation during active incidents with incomplete information.
- Grow capability: identify skills gaps, implement training programs, and institutionalize knowledge transfer (playbooks, runbooks).
- Influence & develop others: provide constructive feedback, manage performance improvement plans, and promote technical leadership.
- Sustain quality in complex environments: enforce QA processes, peer review, and reproducible evidence handling.
- Advocate for continuous learning: champion certifications, rotations, and cross-training.
- Strong investigative mindset: hypothesis-driven analysis, source triangulation, and validation of findings.
- Ability to construct clear, reproducible timelines and correlate multi-source artifacts (endpoint, network, cloud, logs).
- Root-cause analysis capability to determine intrusion vectors, user actions, or data…