Digital Forensics & Incident Response

Job Summary

We are seeking a highly skilled Digital Forensics & Incident Response (DFIR) Specialist to lead and support enterprise-wide security investigations. The ideal candidate will be responsible for managing the full incident response lifecycle, conducting advanced forensic investigations, performing threat hunting activities, and enhancing the organization's overall security posture.

Key Responsibilities

Incident Response & Management

• Respond to security incidents in a timely manner according to agreed SLAs.
• Take necessary actions to contain, eradicate, and recover from security incidents.
• Assess and document incident impact.
• Handle on-call requests and manage critical or high-severity incidents during off-hours.
• Coordinate and communicate effectively with IT, security teams, and external stakeholders during incidents.

Investigation & Forensics

• Perform triage and analysis of large-scale incidents across:
• Windows
• Linux
• Mac
• Unix platforms
• Identify root causes, attack vectors, and exploited vulnerabilities.
• Analyze adversary tactics and techniques and map findings to the MITRE ATT&CK framework.
• Build detailed event timelines.
• Investigate network traffic for compromise assessment and threat actor hunting.
• Analyze malware, malicious macros, and obfuscated scripts.
• Document malware behavior, origin, capabilities, and impact.
• Preserve evidence and maintain proper Chain of Custody (COC).

Threat Hunting & Intelligence

• Conduct proactive threat hunting activities.
• Perform Threat Intelligence analysis.
• Participate in purple teaming activities.
• Develop and enhance threat detection capabilities.
• Provide short-term and long-term recommendations to improve security posture.

Tools, Automation & Technical Expertise

• Use and customize DFIR tools such as:
• KAPE
• UAC
• Thor
• Velociraptor
• Volatility
• Wireshark
• Develop scripts using Python, Bash, and PowerShell for analysis and automation.
• Utilize SOAR technology for orchestration and automated response.

Reporting & Knowledge Sharing

• Document all actions, findings, and evidence clearly and accurately.
• Produce detailed incident reports and lessons learned reports for both technical and non-technical stakeholders.
• Lead and facilitate tabletop exercises involving technical and non-technical teams.
• Stay updated on emerging threats and vulnerabilities.
• Share knowledge and mentor junior team members to enhance team capability.

Qualifications & Experience

• Proven experience in Digital Forensics and Incident Response.
• Strong knowledge of enterprise operating systems and network analysis.
• Hands-on experience with DFIR and malware analysis tools.
• Experience in threat hunting and detection engineering.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Relevant certifications (GCFA, GCFE, GCIH, CEH, CHFI, etc.) are a plus.