General Manager, DFIR

Key Responsibilities: 

• Lead forensic investigation and root cause analysis of cyber incidents across OT/ICS and IT environments 
• Coordinate incident response activities, manage breach containment, and ensure recovery compliance 
• Develop and maintain playbooks, SOPs, and readiness frameworks for both proactive and reactive DFIR measures 
• Build and manage forensic labs and tooling infrastructure for memory, disk, network, and cloud forensics 
• Interface with client CISO teams and legal/compliance teams during forensic escalations 
• Mentor and lead junior investigators and ensure skill development through hands-on training 
• Drive continuous improvement initiatives in forensic collection, chain of custody, and evidence handling procedures 
• Support expert testimony, litigation response, and legal documentation when required 
• Collaborate with red, blue, and purple teams for integrated threat mitigation strategy 
• Conduct forensic workshops, table-top exercises, and readiness assessments for clients 
• Liaise with global OEMs and DFIR product partners for capability enhancement 

Required Skills and Tools: 

• Proficient in: EnCase, FTK, Magnet AXIOM, Autopsy, Volatility, Wireshark 
• Experience with EDR/XDR platforms (e.g., CrowdStrike, SentinelOne, Carbon Black) 
• Familiarity with OT forensic challenges – including air-gapped ICS/SCADA systems 
• Understanding of MITRE ATT&CK, cyber kill chain, and attacker TTPs 
• Hands-on with cloud forensics (AWS, Azure, GCP) 
• Deep knowledge of ICS protocols like Modbus, DNP3, OPC-UA, etc.  

Personality Traits & Leadership: 

• Strong analytical and detail-oriented mindset 
• Strategic thinking with calmness under pressure 
• Proven leadership in crisis situations and stakeholder communication 
• Strong team management and mentorship capability 
• Collaborative and cross-functional coordination with SOC, engineering, legal, and client teams 

• Bachelor’s or Master’s in Cybersecurity, Computer Science, or related fields 
• Preferred certifications: GCFA, GCFE, CHFI, CISSP, or equivalent 
• 14 + years of cybersecurity experience with minimum 5 years in DFIR leadership roles 
• Experience managing DFIR services for critical infrastructure or consulting environments