Senior Consultant, DFIR, Reactive Services (Unit 42)

About The Position

Requirements

• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related field, or equivalent military/professional experience.
• 4+ years of direct experience in incident response or digital forensics.
• Proficiency in host-based forensics, data breach response, and evidence handling procedures.
• Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, or similar technologies.

Nice To Haves

• Prior experience in a client-facing incident response consulting role.
• Strong executive presence with the ability to communicate complex technical findings to C-level stakeholders.
• Demonstrated external presence through public speaking, conference presentations, or industry publications.
• Proven ability to build collaborative relationships with internal teams, external partners, and clients.

Responsibilities

• Lead end-to-end incident response engagements, guiding clients through investigation, containment, and long-term remediation strategies.
• Perform host-based forensic analysis on Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
• Analyze firewall, web, database, and other log data to uncover evidence of malicious activity and system compromise.
• Utilize advanced forensic tools (e.g., EnCase, FTK, Splunk) to investigate data breaches, determining the root cause and scope of malicious activity.
• Collaborate with clients and internal stakeholders to communicate findings, provide status updates, and deliver comprehensive reports.
• Mentor and empower junior consultants, sharing expertise in incident response and digital forensics best practices.
• Travel as required (approximately 20%) to meet client and business needs for on-site engagement.