Incident Response Expert

About The Position

Requirements

• 3+ years of hands-on experience in incident response, digital forensics, threat hunting, or cyber investigations—whether from the private sector, military, or government.
• Deep technical understanding of operating systems (Windows, Linux, macOS), file systems, registry and memory structures, and log analysis.
• Proficiency in network fundamentals and common protocols (DNS, HTTP/S, SMB, etc.) and network traffic analysis (e.g., PCAP review).
• Experience with tools such as EnCase, X-Ways, FTK, Velociraptor, Splunk, or Wireshark, and EDR platforms like CrowdStrike, SentinelOne, or Microsoft Defender.
• Competency in scripting or automation (e.g., Python, PowerShell) to support investigations.
• Excellent written and verbal communication skills; able to clearly convey complex technical topics to diverse audiences.
• Strong analytical thinking, attention to detail, and ability to work under pressure in time-sensitive environments.
• Willingness to travel.

Nice To Haves

• Familiarity with cloud environments (AWS, Azure, GCP) and related forensic techniques is a plus.
• Industry-recognized certifications (e.g., GCFA, GCIH, GNFA, GCIA, GREM, CISSP).
• Experience responding to ransomware, business email compromise (BEC), and advanced threat actor incidents.
• Experience presenting findings to legal counsel, regulators, or board-level stakeholders.
• Multilingual skills and experience in multinational or cross-cultural environments.
• A degree in Computer Science, Information Security, or a related field; or equivalent education or training in cybersecurity

Responsibilities

• Work with a team to conduct end-to-end forensic investigations, including log analysis, host and network forensics, malware triage, and memory analysis.
• Support response efforts for major cybersecurity incidents, collaborating closely with internal and external security and IT teams.
• Perform threat hunting activities in client environments to detect and eliminate advanced persistent threats.
• Identify Indicators of Compromise (IOCs) and attacker Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK.
• Analyze a wide variety of data sources (endpoint, network, SIEM, etc.) to build a clear picture of the attacker’s actions and impact.
• Leverage and contribute to Sygnia’s internal investigation tools, playbooks, and threat intelligence platforms.
• Communicate investigation results effectively to both technical stakeholders and executive leadership.
• Develop and present high-quality technical reports, timelines, and strategic recommendations to clients.
• Support the continuous improvement of internal methodologies, tooling, and knowledge sharing within the team.

Benefits

• Opportunities to influence how we scale our team, capabilities, and operations in a rapidly expanding market.
• Work with some of the best minds in cybersecurity on the world’s most high-impact cases.
• Operate in a fast-paced, elite-tier environment where your technical expertise is trusted and valued.
• Take part in meaningful, challenging work that directly shapes the outcomes for Fortune 500 organizations.
• Grow your career while staying hands-on in incident response and mentoring a highly capable team.