Senior DFIR Consultant
Remote - USA, United States
Tokio Marine HCC
Job Summary
You are a leader providing subject matter expertise in digital forensic and incident response investigations to TMHCC-CPLG insureds. You will lead your team through complex digital forensic investigations, hold close engagement with clients on sensitive matters, maintain chain-of-custody protocols, and facilitate accurate reporting.
Alongside your technical abilities, you will guide the forensic engagements of your team and effectively balance multiple priorities. As a player-coach you will mentor those on your team to enhance the team's overall expertise and performance. You will guide your team through the execution of strategic initiatives to continue to enhance the team's DFIR capabilities, ensuring swift and effective response to cyber incidents. You serve as the first point of contact for insureds, providing expert technical guidance and friendly, professional communication.
Key Responsibilities
Relying on extensive knowledge and leadership skills, this role is accountable for the following responsibilities:
Leadership and Mentorship:
- Assign tasks, delegate responsibilities, and provide mentorship to team members.
- Support development and maintenance of operating procedures and best practices for DFIR team.
- Maintain positive, professional insured/carrier relationships.
- Foster a culture of innovation, continuous learning, and skill development within the DFIR team.
Client Management and Engagement:
- Act as the “Incident Commander” for insureds or their representatives during cyber incidents, providing clear communication, recovery direction, and/or updates on investigation progress.
- Conduct scoping calls with clients to understand the disruption, develop a roadmap to resolve the cyber security event, and provide initial triage to contain the threat.
- Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
- Communicate complex cybersecurity concepts internally and externally.
- Build strong insured relationships and maintain trust through effective communication and timely delivery of investigation results.
Incident Response Operations:
- Lead incident response activities during cyber security breaches, including initial triage, threat assessment, containment, eradication, and recovery phases.
- Support the development and maintenance of comprehensive incident response plans aligned with industry best practices.
- Conduct post-incident analysis to identify root causes and implement preventive measures to mitigate future risks.
Technical Experience:
- Stay informed about emerging cyber threats and technologies, including Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with specific cyber-crime syndicates.
- Stay aware of changes in technology as they relate to the forensic data available for review, and of new forensic techniques, to provide the best combination of speed and accuracy in forensic findings.
- Provide expert technical guidance on digital forensics methodologies, evidence collection, analysis, and reporting.
- Conduct complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.
Competencies
Planning
- Contribute to the development of both short-term and long-term plans for designated area of the organization.
Communication
- Communicate team plans or results, internally and externally, at all organizational levels.
- Write, or be a major contributor to, technical reports or contractual documents.
- Present informational briefings.
Cost Management
- Develop innovative ways to improve financials.
Business Controls and Policies
- Comply with all corporate policies and procedures.
Education Requirements
Minimum 4-year / bachelor's degree in Cyber Security, Computer Science, Information Technology, or a related field, or relevant professional work experience.
Certification, Licenses, and Designations
3 years of prior professional experience in DFIR and managing active cybersecurity engagements, including incident response, digital forensics investigations, and working with insureds / clients and legal counsel.
Advanced degrees or certifications (CISSP, CISM, GCFE, GCFA, GREM, GBFA, GCIH, CFCE, CCE) are a plus.
Other
- Proven track record of success in managing complex cyber incidents.
- Experience in conducting security investigations in Linux and Windows environments.
- Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
- Knowledge of digital forensic artifacts and tools such as ELK, Axiom, EnCase, X-Ways, SIFT, FTK (Forensic Toolkit), Volatility, or open-source tools.
- Experience in Digital Forensics, Network Forensics, Memory Forensics, and/or Malware Analysis.
- Scripting skills (PowerShell, Bash, Python, Go).
- Experience with EDR solutions (Defender, SentinelOne, CrowdStrike).
- Strong understanding of legal and regulatory frameworks related to cyber security investigations such as PCI, NIST CSF, or other industry-specific regulations.
- Excellent communication and presentation skills to clearly and concisely communicate complex technical findings to clients and stakeholders.
- Strong ability to motivate and mentor team members.
- Superior organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
- Knowledgeable about industry changes, legal updates, and technical developments related to the applicable area of the Company's business, in order to respond proactively to a changing business environment.
- Advanced proficiency and experience using Microsoft Office package (Excel, Access, PowerPoint, Word).
Additional Working Conditions and Physical Conditions
- Overtime hours may be required to fulfill job responsibilities.
- May be required to remain stationary for extended periods of time.
- May be required to move up to 10 pounds.
- Must be able to operate a computer and other devices.
- Close vision and ability to adjust focus, such as is required to read a computer screen.
- Occasional travel (up to 10% of time).
Perks/benefits: Career development