About The Position

BlueVoyant is seeking a Senior Director, DFIR to lead high-impact cyber investigations and act as incident commander during complex, high-pressure security incidents. This is a client-facing leadership role responsible for guiding organizations through critical moments—from initial response through investigation, containment, and recovery—while advising executives, legal counsel, and technical teams.

Requirements

  • 3–5 years of hands-on DFIR experience in real-world incidents
  • 6–10 years in client-facing consulting, incident response, or cyber advisory roles
  • Proven experience as an incident commander or senior DFIR lead
  • Strong background in ransomware, cloud/identity compromise, and complex attack investigations
  • Experience working directly with executives, legal counsel, insurers, and technical teams
  • Ability to manage multiple stakeholders, workstreams, and timelines under pressure
  • Leadership experience mentoring or managing technical teams
  • Strong knowledge across endpoint, cloud, identity, SaaS, and network forensics
  • Experience with tools such as EnCase, FTK, Magnet AXIOM, Velociraptor, Splunk, Sentinel, CrowdStrike (or similar)
  • Familiarity with Microsoft 365, Entra ID, Azure, AWS, Okta, Google Workspace
  • Understanding of attacker tradecraft, including persistence, lateral movement, and data exfiltration
  • Working knowledge of KQL, SPL, SQL, PowerShell, Python, or Bash
  • Exceptional communication skills—able to translate technical issues into business impact
  • Strong judgment in high-stress, ambiguous environments
  • Composed, credible, and client-focused under pressure
  • Collaborative leader with a focus on quality, mentorship, and outcomes
  • All employees must be authorized to work in the United States of America.
  • U.S. citizenship is required for employees to perform work on some of the company’s federal contracts.

Nice To Haves

  • Experience working with breach counsel, insurers, or regulators
  • Incident readiness, tabletop, or IR planning experience
  • Certifications such as CISSP, GCFA, GCIH, GCFE, GNFA, OSCP

Responsibilities

  • Act as incident commander for complex DFIR engagements end-to-end
  • Serve as the primary client lead, advising executives, legal counsel, insurers, and stakeholders
  • Lead investigations across ransomware, BEC, cloud/identity compromise, insider threat, and advanced attacks
  • Direct forensic analysis across endpoints, cloud, identity, SaaS, email, and network environments
  • Translate technical findings into clear business risk and remediation guidance
  • Lead executive briefings, client updates, and post-incident reviews
  • Manage multiple concurrent incidents in fast-paced, high-pressure environments
  • Mentor and develop DFIR consultants and technical teams
  • Support incident readiness, tabletop exercises, and client growth initiatives

Benefits

  • Competitive compensation and comprehensive benefits package, with support for wellbeing, development, and career growth