Principal Consultant, DFIR, Reactive Services (Unit 42) - Weekend Shift

About The Position

Requirements

• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related field, or equivalent military experience.
• 6+ years of direct incident response or digital forensics consulting experience.
• Proficiency with host-based forensics, data breach response, and forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, or WireShark.
• Demonstrated experience managing the full lifecycle of a technical consulting engagement.
• Ability to travel as needed to meet business demands, averaging approximately 20%.

Nice To Haves

• Experience leading complex, multi-faceted engagements, from initial scoping to technical execution and client interfacing.
• Strong leadership skills with experience in mentoring or managing team members.
• Proven ability to establish credibility and executive presence with senior-level client stakeholders.
• Public-facing contributions to the cybersecurity community, such as public speaking, conference presentations, or publications.

Responsibilities

• Lead and manage complex incident response engagements, including scoping work, guiding clients through forensic investigations, and containing security incidents.
• Perform reactive incident response functions, including host-based analysis of Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
• Investigate data breaches by leveraging advanced digital forensics tools (e.g., EnCase, FTK, X-Ways, SIFT, Splunk) to determine the source and scope of compromises.
• Examine and analyze firewall, web, database, and other log sources to identify evidence of threat actor activity.
• Collaborate with clients and internal teams to provide strategic guidance and recommendations for long-term remediation and security posture improvement.
• Develop and produce high-quality, client-facing deliverables, including detailed reports and executive summaries.
• Provide mentorship and guidance to junior team members on incident response and forensics best practices, empowering others to develop their skills.