DFIR Consultant

Tokio Marine HCC

About The Position

Vector3, Inc., is an incident response firm supporting TMHCC Cyber and Professional Lines Group (CPLG). Vector3 specializes in responding to Business Email Compromise (BEC) and Ransomware incidents, helping insured organizations investigate, contain, and recover from cyber events. As a DFIR Consultant at Vector3, you will provide critical technical expertise in digital forensics and incident response for TMHCC insureds. You’ll conduct forensic analysis, support containment and recovery, and help insureds understand the scope and impact of cyber incidents. Working closely with senior consultants and analysts, you’ll balance investigative precision with effective communication, ensuring timely and accurate results that help clients resume operations securely.

Requirements

4 Year / Bachelors Degree in Cyber security, Computer Science, Information Technology or related field
2 Years professional experience in incident response, digital forensics, or cybersecurity operations
Proven track record supporting investigations in Windows, Linux, or cloud environments.
Knowledge of digital forensic artifacts, data preservation, and evidence handling.
Experience with EDR tools (Defender, SentinelOne, CrowdStrike) and SIEM technologies.
Understanding of frameworks such as NIST CSF, PCI DSS, ISO 27001.
Strong analytical, organizational, and time-management skills.
Excellent written and verbal communication abilities.

Nice To Haves

Advanced certifications such as CISSP, CISM, GCFA, GCFE, GREM, GCIH, CFCE, or CCE are preferred.
Certifications in cloud security or forensics (AWS Security, Azure Security Engineer, Microsoft 365 Defender Expert) are advantageous.

Responsibilities

Collaborate with peers and senior consultants to support investigation and response activities.
Communicate technical findings clearly to both technical and non-technical audiences.
Maintain positive, professional relationships with insureds and carriers.
Contribute to a team culture of innovation, continuous learning, and technical excellence.
Execute assigned tasks during all phases of cyber incident response: triage, containment, eradication, recovery, and lessons learned.
Perform forensic imaging, log collection, and analysis of affected systems, cloud platforms, and endpoints.
Support development and maintenance of incident response documentation and process improvement.
Assist in root-cause analysis and identification of attacker TTPs.
Conduct digital forensic investigations using tools such as ELK, Axiom, EnCase, FTK, or open-source alternatives.
Analyze endpoint and network telemetry (Defender, SentinelOne, CrowdStrike, etc.).
Stay current with emerging threat actor techniques, malware variants, and forensic methodologies.
Script or automate forensic tasks (PowerShell, Bash, Python) when applicable.
Follow work plans, established timelines, and predefined goals for assigned work.
Meet commitments on deadlines.
Communicate activities, results, and observations with employees and management as appropriate.
Identify areas for improvement in existing business practices.
Perform work thoroughly in a cost-efficient manner and at a high productivity level.
Comply with all corporate policies and procedures.
Report any breakdowns in controls to management.
Conduct all activities in a safe manner.
No people management responsibility.