Job Details

Director, Digital Forensics & Incident Response (CONSULTANCY)

ANYWHERE, United States
  • Employment Type: Direct Hire
Our client, a leading global professional services firm, is seeking a Director, Digital Forensics and Incident Response to join their expanding team. The Director will be responsible for leading teams of consultants on high stakes incident response investigations for high profile clients as well as performing hands-on technical analyses. The successful candidate will have extensive experience as a DFIR consultant including  a background in scoping, coordinating, and overseeing multiple client engagements congruently as well as working in industry standard tools and technologies. The Director, DFIR, will be personally responsible for the investigation of network intrusions and other cybersecurity related incidents to determine the cause and extent of the breach. It is imperative this candidate has the ability to perform both host-based and network-based analyses and lead investigation teams. A background ensuring client matters are adequately staffed as well as experience liaising with both internal and external stakeholders is a must. The internal groups that the director will be responsible for working cross functionally with will include engagement managers, sales executives, junior consultants, and more. The ability to work with outside counsel, vendors, law enforcement agencies is required. Deep proficiency in industry standard operating systems like Linux, Windows, and others is necessary. Candidates with insurance panel experience and digital forensics paired with incident response certifications like GCFE, GCIH, CCE, and EnCE will be considered first. Send resumes to [email protected].

Position Description    
Will lead teams of professionals working high-stakes, high-profile incident response investigations for our clients as well as performing hands-on analyses yourself.  Will be expected to bring significant experience in the cybersecurity and technical consulting industries to bear on your casework. Will scope, coordinate, oversee, and conduct analyses on client engagements which necessarily requires familiarity with ever-evolving technologies. As a leader within the DFIR practice, the Director will have direct impact and appropriate responsibility for the quality of work produced by the practice as well as identifying and implementing appropriate measures to protect our long-standing reputation as a best-in-class provider of DFIR services.

Job Responsibilities:
Incident Response Investigations
  • Leads client engagement efforts from initial scoping calls to report delivery, including developing budgets and working with Engagement Managers to provide regular status updates
  • Investigates network intrusions and other cybersecurity incidents to determine the cause and extent of the breach; includes ability to perform host-based and network-based analysis and lead investigative teams
  • Counsels clients in distress and provide guidance around containment and remediation measures across all major operating systems and network device platforms
  • Produces high quality oral and written work product presenting complex technical issues clearly and concisely
  • Ensures that client matters are staffed adequately and efficiently and that agreed deadlines are met
  • Liaises with external stakeholders, including counsel, vendors, and law enforcement agencies
  • Drafts and conducts peer review of expert reports, affidavits, and other expert testimony, as necessary
  • Actively supports the mentorship and technical development of junior DFIR personnel
  • Supervises other DFIR staff, including coordinating teams of experts, assuring stellar work product, and assisting with performance reviews and mentorship of cybersecurity experts
  • Seeks opportunities to broaden expertise of DFIR personnel through in-house and outside training
  • Ensures the smooth functioning of the forensic laboratory under your direct supervision (if applicable); foster teamwork, information sharing, and inter-office collaboration and consistency
Practice Management
  • Collaborates with Marketing and other stakeholders on collateral and thought leadership content
  • Participation in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cybersecurity and preparedness
Required Expertise:
  • Strong work ethic and even stronger analytic, quantitative, and creative problem-solving abilities
  • Outstanding client service skills and a high level of professionalism.
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic, demand-based environment, requiring flexibility and responsiveness to client matters and needs
  • Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.)
  • Proficiency with industry-standard forensic toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite/UFED, and FTK
  • Experience with conducting log analysis of various types of logs, including Windows Event Logs, Apache, IIS, and firewall logs
  • Clarity in written and oral communication
  • Confidence, humility, and a commitment to learning and teaching others in a collaborative environment of talented high performers
  • Comfort with intermittent periods of significant travel, evening and weekend hours
Preferred Experience:
  • GCFE, GCIH, CCE, EnCE or equivalent digital forensics/incident response certification
  • Experience with enterprise cloud infrastructures such as Amazon Web Services, G Suite, Office 365, and Azure
  • Proficiency with database querying and analysis
  • Interest in building intellectual capital for the firm by writing blogs, submitting to CFPs, and creating internal tools for analysis
Education:
  • Bachelor’s degree required; significant experience with sustained excellence in the Incident response industry

 

Interested in this job? Get in touch.

(Accepted file formats are PDF, DOC, DOCX, TXT, RTF and ZIP. File size maximum is 2 MB.)