Principal DFIR Consultant

Job Summary

Join us in shaping the future of TMHCC-CPLG as a key leader in our Digital Forensics and Incident Response (DFIR) team. In this senior role, you will lead by example, driving excellence in digital investigations, rapid incident response, and proactive threat mitigation for our insured clients.

You will play a pivotal role in advancing our DFIR capabilities—guiding strategy, leading high-stakes investigations, and delivering expert insights during cyber incidents. From managing response operations to acting as a trusted advisor to clients, you'll ensure our team stays ahead of emerging threats and continues to deliver swift, effective support when it matters most.

Key Responsibilities

Relying on extensive knowledge and advanced leadership skills, this role is accountable for the following responsibilities:

Leadership and Team Development:

• Support the recruitment and development of a high-performing DFIR team, including technical specialists in areas like malware analysis, digital evidence collection, extortion negotiations, and recovery.
• Develop and maintain operating procedures and best practices for DFIR team.
• Build and maintain insured/carrier relationships.
• Provide mentorship to a team that will grow with time and experience.
• Foster a culture of innovation, continuous learning, and skill development within the DFIR team.

Client Management and Engagement:

• Act as the “Incident Commander” for insureds or their representatives during cyber incidents, providing clear communication, recovery direction, and/or updates on investigation progress.
• Conduct scoping calls with clients to understand the disruption, develop a roadmap to resolve the cyber security event, and provide initial triage to contain the threat.
• Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
• Communicate complex cybersecurity concepts internally and externally.
• Build strong insured relationships and maintain trust through effective communication and timely delivery of investigation results.

Incident Response Operations:

• Lead incident response activities during cyber security breaches, including initial triage, threat assessment, containment, eradication, and recovery phases.
• Lead case teams, assign tasks, delegate responsibilities, and oversee quality control on all analysis and work products.
• Develop and maintain comprehensive incident response plans aligned with industry best practices.
• Conduct post-incident analysis to identify root causes and implement preventive measures to mitigate future risks.

Technical Experience:

• Stay informed about emerging cyber threats and technologies, including Tactics Techniques and Procedures and Indicators of Compromise associated with specific cybercrime syndicates.
• Understand and be aware of changes in technology as it relates to forensic data for review, or forensic techniques available to provide the best combination of speed and accuracy in forensic findings.
• Provide expert technical guidance on digital forensics methodologies, evidence collection, analysis, and reporting.
• Conduct complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.

Business Development and Strategy:

• Identify new business opportunities and contribute to strategies to expand the DFIR service offerings.
• Contribute to the overall cybersecurity strategy, including pricing models, service packages, and marketing initiatives.
• Collaborate with other security teams within the TMHCC-CPLG to provide holistic cybersecurity solutions to clients.

Competencies

Planning

• Contribute to the development of both short-term and long-term plans for designated area of the organization.
• Coordinate resources to ensure strategies are executed.

Communication

• Communicate team plans or results, internally and externally, at all organizational levels.
• Write, or is a major contributor to, management/technical reports or contractual documents.
• Present informational briefings.

Cost Management

• Develop innovative ways to improve financials.

Business Controls and Policies

• Comply with all corporate policies and procedures.

Education Requirements

Minimum 4 year / bachelor’s degree in cyber security, Computer Science, Information Technology related degree or relevant professional work experience

Certification, Licenses, and Designations

5 years former professional experience in leading and managing DFIR team and managing active cybersecurity engagements, including incident response, digital forensics investigations and working with insureds / clients and legal counsel.

Advanced degrees or certifications (CISSP, CISM, GCFE, GCFA, GREM, GBFA, GCIH, CFCE, CCE) are a plus.

Leadership

Leadership Area of Leadership

2 years prior people management or team leadership roles

Other

• Proven track record of success in leading/building DFIR teams and managing complex cyber incidents.
• Experience in conducting security investigations in Linux and Windows environments.
• Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
• Knowledge of digital forensic artifacts and tools such as ELK, Axiom, Encase, X-Ways, SIFT, FTK (Forensic Tool Kit), Volatility, or Open-Source tools.
• Experience in Digital Forensics, Network Forensics, Memory Forensics, and/or Malware Analysis.
• Scripting skills (PowerShell, Bash, Python, Go)
• Experience with EDR solutions (Defender, SentinelOne, CrowdStrike)
• Strong understanding of legal and regulatory frameworks related to cyber security investigations such as PCI, NIST CSF, or other industry-specific regulations.
• Excellent communication and presentation skills to clearly and concisely communicate complex technical findings to clients and stakeholders.
• Strong leadership abilities to motivate and mentor team members.
• Superior organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
• Knowledgeable of industry changes, legal updates, and technical developments related to applicable area of the Company’s business to proactively respond to changing business environment.
• Advanced proficiency and experience using Microsoft Office package (Excel, Access, PowerPoint, Word).

Additional Working Conditions and Physical Conditions

• Overtime hours may be required to fulfill job responsibilities
• May be required to remain stationary for extended periods of time
• May be required to move up to 10 pounds
• Must be able to operate a computer and other devices
• Close vision and ability to adjust focus, such as required to read a computer screen
• Occasional travel (up to 10% of time)