Principal Consultant, DFIR, Reactive Services (Unit 42) - Remote Weekend Shift
About The Position
The Principal Consultant, Reactive Services is a senior individual contributor role within Unit 42 responsible for delivering expert-level incident response and digital forensics services to clients across a wide range of industries and environments. In this role, you will serve as a technical leader on active investigations, partnering with Consulting Directors and engagement teams to respond to complex cybersecurity incidents. You will lead forensic investigations, identify attacker activity, determine scope and impact, and guide clients through containment, remediation, and recovery efforts. This position is ideal for an experienced DFIR practitioner who thrives in fast-paced incident response environments and enjoys solving complex technical challenges during critical security events. This role supports Unit 42's 24x7 incident response operations and requires a dedicated weekend overnight schedule consisting of four 10-hour shifts from Friday through Monday.
Requirements
- Bachelor's degree or equivalent practical experience.
- 6–8+ years of experience in DFIR, incident response, security operations, or related cybersecurity disciplines.
- Experience investigating ransomware, intrusion activity, and other enterprise-scale security incidents.
- Strong understanding of forensic acquisition, evidence handling, and investigative methodologies.
- Hands-on experience with DFIR tools such as EnCase, FTK, SleuthKit, Volatility, or equivalent frameworks.
- Experience investigating Windows, Linux, and macOS environments.
- Strong analytical, problem-solving, and client-facing communication skills.
Nice To Haves
- Experience responding to large-scale enterprise security incidents.
- Knowledge of MITRE ATT&CK and modern adversary tradecraft.
- Experience with malware triage or reverse engineering.
- Background in consulting, incident response, MDR, SOC, or other 24x7 security operations environments.
- Certifications such as GCFA, GCFE, GCIH, CISSP, or similar.
- Ability to work a dedicated weekend overnight schedule consisting of four 10-hour shifts from Friday through Monday.
- Ability to travel up to 20% as required.
Responsibilities
- Lead digital forensics and incident response investigations across enterprise environments.
- Serve as a technical lead on incident response engagements.
- Conduct host, network, and cloud investigations to identify root cause, attacker activity, and scope of compromise.
- Perform forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry.
- Utilize industry-standard DFIR tools and methodologies to support incident containment and recovery.
- Deliver clear findings and remediation guidance to clients and stakeholders.
- Support development of DFIR playbooks, tools, and investigative methodologies.
- Mentor team members and contribute to knowledge sharing across Unit 42.
Benefits
- bonus
- restricted stock units
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
