Job Description
- Lead digital forensics and incident response investigations across enterprise environments.
- Serve as a technical lead on incident response engagements.
- Conduct host, network, and cloud investigations to identify root cause, attacker activity, and scope of compromise.
- Perform forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry.
- Utilize industry-standard DFIR tools and methodologies to support incident containment and recovery.
- Deliver clear findings and remediation guidance to clients and stakeholders.
- Support development of DFIR playbooks, tools, and investigative methodologies.
- Mentor team members and contribute to knowledge sharing across Unit 42.
Requirements
- Bachelor's degree or equivalent practical experience.
- 6–8+ years of experience in DFIR, incident response, security operations, or related cybersecurity disciplines.
- Experience investigating ransomware, intrusion activity, and other enterprise-scale security incidents.
- Strong understanding of forensic acquisition, evidence handling, and investigative methodologies.
- Hands‑on experience with DFIR tools such as EnCase, FTK, SleuthKit, Volatility, or equivalent frameworks.
- Experience investigating Windows, Linux, and macOS environments.
- Strong analytical, problem‑solving, and client‑facing communication skills.
Benefits
- Employee benefits
- Opportunity for professional development
- Flexible work arrangements
