Senior DFIR Specialist

Malleum
Remote

About The Position

Malleum is a premier cybersecurity consultancy that combines advanced offensive and defensive strategies to protect its clients. The team is recognized for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, excelling in identifying and mitigating sophisticated threats. They provide advanced adversarial emulation and critical support for cyber frameworks to large enterprises across various industries, and handle classified projects for governments with precision and discretion. Malleum is a small but impactful group whose deep technical expertise and client commitment have driven its growth.

They are seeking a Senior DFIR Specialist to enhance their incident response and threat-hunting capabilities, and to lead and mentor team members. In this remote role, the specialist will lead and execute complex digital forensics and incident response engagements for Malleum clients facing sophisticated threat actors. The position requires both hands-on practice and technical leadership, involving coordination of investigations, guiding responders, and collaborating with Red Team and threat emulation specialists to understand and counter real-world adversaries. This is a significant opportunity within a fast-growing consultancy to protect organizations against advanced, persistent threats.

Requirements

  • Extensive experience in digital forensics and incident response across enterprise environments.
  • Strong knowledge of adversarial TTPs, attacker tooling, and intrusion lifecycle stages.
  • Practical exposure to Red Teaming or adversary emulation concepts, and the ability to translate offensive insights into defensive action.
  • Demonstrated ability to lead or mentor team members during high-pressure incident response engagements.
  • Experience with endpoint, network, and cloud forensic analysis tools and techniques.
  • Excellent written and verbal communication skills, with the ability to produce clear, actionable reports.

Responsibilities

  • Lead and perform end-to-end DFIR investigations, including evidence acquisition, analysis, containment, and remediation.
  • Analyze attacker behavior across endpoints, networks, and cloud environments, with a strong focus on adversarial TTPs and attacker tradecraft.
  • Apply Red Team and adversary emulation insights to improve detection, response, and containment strategies.
  • Serve as a technical lead on incident response engagements, coordinating activities and guiding junior team members.
  • Communicate findings clearly to both technical and non-technical stakeholders, including executive-level audiences.
  • Contribute to the development of DFIR playbooks, detection logic, and internal methodologies.
  • Support threat hunting, post-incident reviews, and proactive security improvement initiatives for clients.