Still looking for a job through search engines? Time to upgrade!
Instead of going through thousands of listings on your own, Jobify analyzes your CV and shows you only the jobs that really fit you.
Over 80,000 jobs • 4,000 new every day
Free. No ads. No fine print.
🚨 We're Hiring: Senior IR & DFIR Specialist
📍 Location: Tel Aviv, Israel | 🏢 Company: Code Blue Cyber
About Code Blue Cyber
At Code Blue Cyber, we help organizations prepare for, respond to, and recover from cyber crises. With deep operational experience and a proven track record managing high-impact incidents worldwide, we reduce downtime, minimize financial and regulatory impact, and protect reputations when it matters most. Headquartered in Tel Aviv and serving clients globally, we're building the next generation of cyber crisis leadership.
Position Summary
We are seeking a highly seasoned Senior Incident Response (IR) and Digital Forensics (DFIR) Specialist to join our elite Incident Response team.
This is a senior technical specialist role focused on hands-on investigation and response to the most challenging cyber incidents. The ideal candidate possesses deep technical mastery, proven ability to execute complex DFIR tasks, and the capability to serve as a trusted technical advisor during high-stakes incidents (such as APTs and sophisticated ransomware attacks) within large enterprise environments.
Key Responsibilities
- Full Incident Ownership: Take ownership of the core IR effort or an entire workstream, and conduct complex IR tasks during high-severity incidents (Ransomware, APTs, Data Breaches).
- Advanced DFIR Execution: Perform in-depth, hands-on forensic investigations including large-scale sophisticated attacks, conduct log analysis, host and network-based forensics, and malware analysis.
- Technical Leadership & Scoping: Technically lead small-scale proactive engagements, participate in ad-hoc scoping calls, and define investigation paths.
- Client Communication & Reporting: Lead client communication on dedicated sessions and present reports. Generate and present a comprehensive and professional report of findings from investigations, compliant with international standards and Chain-of-Custody principles.
- Threat Hunting & TTPs: Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in client’s networks, as well as security assessments and simulations. Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.
- Methodology and Tooling: Utilize and develop tools and methodologies to improve Code Blue's existing investigative and hunting technological stack.
- Collaboration: Collaborate with IT and Security teams during investigations and work closely with Threat Intelligence and Detection Engineering teams.
- 3+ years of hands-on DFIR and IR experience, specifically focusing on responding to high-impact cyber incidents.
- Proven track record of contributing effectively to complex security incidents (e.g., sophisticated ransomware, data breaches) in mid-to-large-scale environments.
- Deep technical understanding of the life cycle of advanced security threats, attack vectors, and various methods of exploitation.
- Solid technical knowledge and hands-on proficiency in:
- Host-Based Forensics: Solid understanding of system and security controls on at least two of the following operating systems (Windows, Linux, Unix, macOS), including host-based forensics and experience analyzing OS artifacts.
- Network Fundamentals: Deep technical understanding of network fundamentals and common Internet protocols.
- Data Analysis: Hands-on experience in data analysis (preferably network traffic or log analysis) in relevant data analysis and data science platforms (e.g., Splunk).
- Tool Fluency: Familiarity with enterprise SIEM platforms (e.g., Splunk, QRadar, ArcSight) and proficiency with core forensic and IR tools (e.g., EnCase, Volatility, EDRs).
- Scripting: Fluency with one or more scripting languages (e.g., Python) is a strong plus.
- Problem-Solving Skills: Bright, curious, and determined team player, who strives for excellence, with a problem-solver and in-depth thinker mindset.
- Communication: Excellent communication and interpersonal skills, including fluent English, with the ability to document and explain technical information in a concise, understandable manner.
- Knowledge Assets: Familiarity with cloud infrastructure, web application and servers, and mobile platforms is an advantage.
- Optional: Experience with malware analysis and reverse engineering is a strong advantage.
- GCFA – GIAC Certified Forensic Analyst
- GCIH – GIAC Certified Incident Handler
- GREM – GIAC Reverse Engineering Malware
- OSCP, OSCE, CISSP, or CISM
- An opportunity to join a high-impact, experienced IR team focused on the world's most critical cyber incidents.
- Work on challenging and diverse incidents with Enterprise clients worldwide.
- Competitive compensation, benefits, and professional development support.
- A mission-driven company with a culture of excellence and deep technical focus.
Send your resume and a short cover letter to: 📧 [email protected]
💥 Make an impact where it matters most. Join Code Blue Cyber – where incident response becomes resilience.