DFIR Managing Director of Engineering

Remote - Washington, D.C., United States

Job Summary

Join us in shaping the future of TMHCC-CPLG as a key leader in our Digital Forensics and Incident Response (DFIR) team. In this senior role, you will lead a team of DFIR specialists, driving excellence in digital investigations, rapid incident response, and proactive threat mitigation for our insured clients.

You will play a pivotal role in advancing our DFIR capabilities—guiding strategy, leading high-stakes investigations, and delivering expert insights during cyber incidents. From managing response operations to acting as a trusted advisor to clients, you'll ensure our team stays ahead of emerging threats and continues to deliver swift, effective support when it matters most.

Key Responsibilities

Relying on extensive knowledge and advanced leadership skills, this role is accountable for the following responsibilities:

Leadership and Team Management

  • Support the recruitment and development of a high-performing DFIR team, including technical specialists in areas like malware analysis, digital evidence collection, extortion negotiations, and recovery.
  • Assign tasks, delegate responsibilities, and provide mentorship to team members.
  • Develop and maintain operating procedures and best practices for the DFIR team.
  • Build and maintain insured/carrier relationships.
  • Invest in career development and provide mentorship to a team that will grow with time and experience.
  • Foster a culture of innovation, continuous learning, and skill development within the DFIR team.

Client Management and Engagement

  • Act as the “Incident Commander” for insureds or their representatives during cyber incidents, providing clear communication, recovery direction, and/or updates on investigation progress.
  • Conduct scoping calls with clients to understand the disruption, develop a roadmap to resolve the cyber security event, and provide initial triage to contain the threat.
  • Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
  • Communicate complex cybersecurity concepts internally and externally.
  • Build strong insured relationships and maintain trust through effective communication and timely delivery of investigation results.

Incident Response Operations

  • Lead incident response activities during cyber security breaches, including initial triage, threat assessment, containment, eradication, and recovery phases.
  • Develop and maintain comprehensive incident response plans aligned with industry best practices.
  • Conduct post-incident analysis to identify root causes and implement preventive measures to mitigate future risks.

Technical Experience

  • Stay informed about emerging cyber threats and technologies, including Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) associated with specific cybercrime syndicates.
  • Understand and be aware of changes in technology as it relates to forensic data for review, or forensic techniques available to provide the best combination of speed and accuracy in forensic findings.
  • Provide expert technical guidance on digital forensics methodologies, evidence collection, analysis, and reporting.
  • Conduct complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.

Business Development and Strategy

  • Identify new business opportunities and contribute to strategies to expand the DFIR service offerings.
  • Contribute to the overall cybersecurity strategy, including pricing models, service packages, and marketing initiatives.
  • Collaborate with other security teams within TMHCC-CPLG to provide holistic cybersecurity solutions to clients.

Competencies

Planning

  • Contribute to the development of both short-term and long-term plans for designated area of the organization.
  • Coordinate resources to ensure strategies are executed.

Communication

  • Communicate team plans or results, internally and externally, at all organizational levels.
  • Write, or be a major contributor to, management/technical reports or contractual documents.
  • Present informational briefings.

Cost Management

  • Develop innovative ways to improve financials.

Business Controls and Policies

  • Comply with all corporate policies and procedures.

People Management

  • Hold full HR responsibility for direct reports, including making hiring decisions, training, coordinating work, establishing standards, reviewing work, conducting performance appraisals, and providing coaching or counseling.

Other

  • Proven track record of success in leading/building DFIR teams and managing complex cyber incidents.
  • Experience in conducting security investigations in Linux and Windows environments.
  • Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
  • Knowledge of digital forensic artifacts and tools such as ELK, Axiom, EnCase, X-Ways, SIFT, FTK (Forensic Toolkit), Volatility, or open-source tools.
  • Experience in Digital Forensics, Network Forensics, Memory Forensics, and/or Malware Analysis.
  • Scripting skills (PowerShell, Bash, Python, Go).
  • Experience with EDR solutions (Defender, SentinelOne, CrowdStrike).

Perks/benefits: Career development Team events

Regions: Remote/Anywhere North America
Country: United States
