Principal Consultant, DFIR

About The Position

Requirements

• Minimum 4 year / bachelor’s degree in cyber security, Computer Science, Information Technology related degree or relevant professional work experience
• 5 years former professional experience in leading and managing DFIR team and managing active cybersecurity engagements, including incident response, digital forensics investigations and working with insureds / clients and legal counsel.
• Proven track record of success in leading/building DFIR teams and managing complex cyber incidents.
• Experience in conducting security investigations in Linux and Windows environments.
• Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
• Knowledge of digital forensic artifacts and tools such as ELK, Axiom, Encase, X-Ways, SIFT, FTK (Forensic Tool Kit), Volatility, or Open-Source tools.
• Experience in Digital Forensics, Network Forensics, Memory Forensics, and/or Malware Analysis.
• Scripting skills (PowerShell, Bash, Python, Go)
• Experience with EDR solutions (Defender, SentinelOne, CrowdStrike)
• Strong understanding of legal and regulatory frameworks related to cyber security investigations such as PCI, NIST CSF, or other industry-specific regulations.
• Excellent communication and presentation skills to clearly and concisely communicate complex technical findings to clients and stakeholders.
• Strong leadership abilities to motivate and mentor team members.
• Superior organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
• Knowledgeable of industry changes, legal updates, and technical developments related to applicable area of the Company’s business to proactively respond to changing business environment.
• Advanced proficiency and experience using Microsoft Office package (Excel, Access, PowerPoint, Word).
• Overtime hours may be required to fulfill job responsibilities
• May be required to remain stationary for extended periods of time
• May be required to move up to 10 pounds
• Must be able to operate a computer and other devices
• Close vision and ability to adjust focus, such as required to read a computer screen
• Occasional travel (up to 10% of time)

Nice To Haves

• Advanced degrees or certifications (CISSP, CISM, GCFE, GCFA, GREM, GBFA, GCIH, CFCE, CCE) are a plus.

Responsibilities

• Support the recruitment and development of a high-performing DFIR team, including technical specialists in areas like malware analysis, digital evidence collection, extortion negotiations, and recovery.
• Develop and maintain operating procedures and best practices for DFIR team.
• Build and maintain insured/carrier relationships.
• Provide mentorship to a team that will grow with time and experience.
• Foster a culture of innovation, continuous learning, and skill development within the DFIR team.
• Act as the “Incident Commander” for insureds or their representatives during cyber incidents, providing clear communication, recovery direction, and/or updates on investigation progress.
• Conduct scoping calls with clients to understand the disruption, develop a roadmap to resolve the cyber security event, and provide initial triage to contain the threat.
• Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
• Communicate complex cybersecurity concepts internally and externally.
• Build strong insured relationships and maintain trust through effective communication and timely delivery of investigation results.
• Lead incident response activities during cyber security breaches, including initial triage, threat assessment, containment, eradication, and recovery phases.
• Lead case teams, assign tasks, delegate responsibilities, and oversee quality control on all analysis and work products.
• Develop and maintain comprehensive incident response plans aligned with industry best practices.
• Conduct post-incident analysis to identify root causes and implement preventive measures to mitigate future risks.
• Stay informed about emerging cyber threats and technologies, including Tactics Techniques and Procedures and Indicators of Compromise associated with specific cybercrime syndicates.
• Understand and be aware of changes in technology as it relates to forensic data for review, or forensic techniques available to provide the best combination of speed and accuracy in forensic findings.
• Provide expert technical guidance on digital forensics methodologies, evidence collection, analysis, and reporting.
• Conduct complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.
• Identify new business opportunities and contribute to strategies to expand the DFIR service offerings.
• Contribute to the overall cybersecurity strategy, including pricing models, service packages, and marketing initiatives.
• Collaborate with other security teams within the TMHCC-CPLG to provide holistic cybersecurity solutions to clients.
• Contribute to the development of both short-term and long-term plans for designated area of the organization.
• Coordinate resources to ensure strategies are executed.
• Communicate team plans or results, internally and externally, at all organizational levels.
• Write, or is a major contributor to, management/technical reports or contractual documents.
• Present informational briefings.
• Develop innovative ways to improve financials.
• Comply with all corporate policies and procedures.