Manager – Digital Forensics & Investigations

Job Title : Manager – Digital Forensics & Investigations Onsite working: HyderabadEC-Council is the world’s largest cyber security technical certification body. We operate in 145 countries globally and we are the owner and developer of various world-famous cyber security programs. We are proud to have trained and certified over 400,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.Position Summary This role is responsible for safeguarding the integrity, validity, and defensibility of certification exams at scale. It combines forensic investigation, data science, advanced analytics, and structured audit governance to ensure that every exam outcome is not only operationally sound but analytically and forensically defensible.You will lead the design and operation of a data-driven exam integrity system, using Splunk and related technologies to detect, investigate, and prevent integrity risks across large-scale exam data.This is a hands-on role requiring strong capability in data analysis, query building, and pattern detection, with the expectation to move beyond case-by-case investigation and build scalable detection and risk models.In this role, you will:Build systems that detect risk patterns not just investigate incidents Apply data science and analytical thinking to exam forensics Connect identity, behavior, supervision, and outcomes into clear insights Enable consistent, evidence-based decisions at scale Core Responsibilities:Exam Forensics & InvestigationsYou will lead complex investigations into exam misconduct and integrity breaches, ensuring that conclusions are evidence-based and defensible.Key focus areas:Investigate impersonation, proxy testing, coordinated behavior, and content compromise Analyze video feeds, proctoring logs, identity signals, and behavioral patterns Apply forensic analysis across multiple data sources to reconstruct events Build structured, evidence-backed cases and recommend actions (hold, retake, invalidate) Work across regions and stakeholders to validate findings and drive resolution Data Science, Detection & Advanced AnalyticsYou will build and operate the analytical engine behind exam integrity, with a strong focus on data science and advanced analytics.Key focus areas:Design detection logic using Splunk and large-scale log data Develop analytics across identity, location, behavior, supervision, and outcomes Build correlation models linking multiple signals into risk indicators Apply statistical thinking to identify anomalies and patterns Continuously refine detection models based on emerging fraud patterns Create scalable frameworks for anomaly detection and pattern recognition Monitoring, Risk Profiling & Early DetectionYou will shift the organization from reactive investigation to proactive, intelligence-led risk detection.Key focus areas:Monitor candidate, session, and supervision risk profiles Identify repeat patterns and emerging threats Detect high-risk environments and recurring anomalies Define thresholds and models for risk classification Enable early intervention before issues scale Exam Outcome Integrity & Psychometric MonitoringYou will ensure that exam outcomes remain statistically valid and defensible.Key focus areas:Monitor score distributions and pass rate behavior Detect clustering near pass thresholds (±5% band) Identify form-level anomalies, drift, or compromise indicators Apply analytical and statistical methods to validate outcomes Support defensibility of certification results Audit, Compliance & Data-Driven GovernanceYou will strengthen audit processes using structured, data-backed approaches.Key focus areas:Ensure compliance with defined integrity and security standards Support audit programs and certification reviews Validate audit outcomes using data rather than manual checks Maintain clear audit trails and evidence structures Drive consistency and defensibility in decision-making Monitoring, Dashboards & ReportingYou will build visibility into exam integrity through strong analytics and reporting.Key focus areas:Design dashboards for real-time risk monitoring Highlight anomaly concentration and emerging fraud patterns Generate actionable insights for leadership Move from reporting metrics to decision-oriented analytics Team Leadership & Capability BuildingYou will lead a team responsible for high-volume session review and analysis.Key focus areas:Manage workload, quality, and SLA adherence Build analytical and forensic capability within the team Ensure consistency in investigation outcomes Drive a culture of structured, data-driven decision-making Stakeholder & Ecosystem ManagementYou will work across internal and external stakeholders to maintain integrity standards.Key focus areas:Collaborate with global teams and partners Manage relationships with proctoring and delivery vendors Communicate complex findings clearly to leadership Drive accountability using data and insights What We’re Looking ForWe are looking for someone with strong experience in exam integrity, fraud analytics, cybersecurity analytics, or forensic investigations, ideally in environments where outcomes must be defensible and auditable.Core Requirements (Non-Negotiable)8–12 years of relevant experience Advanced hands-on expertise in Splunk (search, correlation, dashboards, detection logic) Strong capability in: Writing and optimizing queries (SPL, SQL or similar) Working with large-scale log and event data Building detection logic and analytical models Strong analytical and data science orientation: Pattern recognition Anomaly detection Correlation across multiple data sources Proven forensic thinking: Ability to connect identity, behavior, supervision, and outcomes into a clear risk narrative Technical Skills (Expected)Strong proficiency in: SPL (Splunk Query Language) SQL or similar query languages Working knowledge of: Python or similar scripting language for data analysis Data visualization tools (Tableau, Power BI, or similar) Experience with: Log analysis platforms / SIEM systems Large datasets and structured/unstructured data Understanding of: Behavioral analytics and anomaly detection techniques Good to HaveExperience with certification or testing environments Exposure to remote proctoring systems Understanding of exam scoring, cut scores, and statistical behavior Familiarity with standards such as ISO/IEC 17024 Important NoteThis role requires strong hands-on capability in data analytics, Splunk (advanced level), and forensic investigation thinking. It is not suited for purely audit, operations, or process-driven profiles. About Our Culture:EC-Council is driven by a mission to strengthen global cybersecurity capability and advance the profession of ethical hacking and information security. Our teams operate across regions and cultures, united by integrity, professionalism, and a commitment to meaningful impact. Continuous learning and accountability are encouraged, empowering individuals to take ownership of their contributions. Respect, trust, and ethical conduct guide how we work with colleagues, partners, and the global cybersecurity community.Additional Information:EC-Council is an equal opportunity workplace and an affirmative action employer. We are committed to providing equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We do not discriminate based on these or any other characteristics protected by applicable laws or regulations in the locations where we operate.EC-Council is dedicated to working with and providing reasonable accommodations to individuals with disabilities. If you have a medical condition or disability that limits your ability to complete any part of the application process and require reasonable accommodation, please contact us at and let us know how we can assist.To be eligible for this position, candidates must be able to provide proof that they are either a citizen of the country or have legal authorization to work in the country where the position is posted and are currently residing there. EC-Council does not offer employment to ineligible candidates and reserves the right to revoke employment in case the candidate loses the authorization to work.If, as part of the recruitment process, you are required to complete or submit any form of work, project, case study, or assignment, please note that such material will be considered the exclusive property of EC-Council. By submitting such work, you acknowledge that EC-Council retains all rights, title, and interest in the submitted content, including any intellectual property contained therein.Candidates further waive any intellectual property or moral rights in such submissions, confirm that the work is original and free of third-party infringement, and acknowledge that it is provided solely for evaluation purposes, with no ownership or other rights retained.Our Privacy Policy outlines how we collect, use, store, and protect your personal data during the recruitment process. This may include information such as your name, contact details, employment history, qualifications, and any other details you provide as part of your application. All data is handled in compliance with applicable data protection and privacy regulations.Please review our policy here: EC-Council Privacy Policy – User and Company | EC-Council. Submission of your application will be considered as your acceptance of the terms stated above.

Apply Now