DFIR Expert (Lead)

Role Description

We re Hiring: DFIR Expert (Lead)

Are you a technical leader who thrives on solving complex security breaches?

We are looking for a DFIR Expert to join our team at CyberProof. In this role, you will lead high-impact forensic investigations, drive incident response efforts, and shape the future of our DFIR service. You will serve as the highest escalation point, working hands-on to contain threats and protect our clients' environments.

What You Ll Do

• Investigate & Respond: Conduct deep-dive digital forensics investigations across file systems, memory, and networks. Leverage EDR, SIEM, firewalls, and diverse datasets to handle containment, eradication, and recovery.
• Lead the Effort: Act as the technical and management lead during incidents, managing communication both internally and externally with clients.
• Innovate & Automate: Develop custom tools to automate triage and accelerate the investigation process. Introduce and maintain systems to keep the team mission-ready.
• Own the Service: Collaborate with pre-sales, account managers, and subcontractors to scale the DFIR service, expand customer reach, and drive business growth.
• Deliver Clarity: Provide in-depth incident reports and comprehensive Root Cause Analysis.
  
  

• Experience: 3+ years of hands-on experience in DFIR, Threat Hunting, SOC, or InfoSec.
• OS & Network Internal Expertise: Deep understanding of Windows and Linux operating system essentials, network communications, and compromise footprints.
• Malware Analysis: Proven ability to perform dynamic and static malware analysis to extract actionable indicators of compromise (IOCs).
• Technical Breadth: Strong grasp of digital forensics methodologies, computer intrusion tactics, security architecture, and system administration.
• Mindset: A critical thinker with a proactive, action-oriented approach to problem-solving and excellent attention to detail.
• Availability: Ready to tackle confirmed breaches as part of our highest escalation tier, which includes 24/7 availability when critical incidents strike.
  
  

• Experience with macOS Forensics or Cloud Incident Response.
• Strong time management and communication skills.
• Industry-standard certifications such as GCFE, GCFA, GNFA, GCTI, GCIH, or GCIA.