DFIR Senior Engineer

Job Summary

Join us as a Senior DFIR Engineer and take a lead role in shaping our digital forensics and incident response practice for TMHCC-CPLG insureds. In this player-coach position, you'll combine deep technical expertise with strong leadership to drive complex engineering initiatives that enhance the scale, speed, and precision of our investigations. You'll guide a team of talented engineers through hands-on problem-solving, build scalable solutions for evolving threats, and help refine our consulting capabilities. Your mentorship will elevate team performance, ensuring we continue to deliver exceptional outcomes in high-stakes environments.

Key Responsibilities Intro

Relying on extensive knowledge and leadership skills, this role is accountable for the following responsibilities:

Key Responsibilities

• Leadership and Mentorship:
  • Assign tasks, delegate responsibilities, and provides mentorship to team members.
  • Support development and maintenance of operating procedures and best practices for engineering team.
  • Maintain positive, professional insured/carrier relationships.
  • Foster a culture of innovation, continuous learning, and skill development within the engineering team.
• Client Management and Engagement:
  • Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
  • Communicate complex engineering concepts internally and externally.
• Incident Engineering Operations:
  • Develop and maintain engineering automation in support of incident response plans aligned with industry best practices.
• Technical Experience:
  • Stay informed about emerging engineering technologies and industry best practices.
  • Understand and be aware of digital forensics methodologies for evidence collection, analysis, and reporting.
  • Provide expert technical guidance on engineering methodologies, automation techniques, software development and recovery techniques.
  • Occasionally, support complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.

Competencies

Planning

• Contribute to the development of both short-term and long-term plans for designated area of the organization.

Communication

• Communicate team plans or results, internally and externally, at all organizational levels.
• Write, or is a major contributor to, technical reports or contractual documents.
• Present informational briefings.

Cost Management

• Develop innovative ways to improve financials.

Business Controls and Policies

• Comply with all corporate policies and procedures.

Education Requirements

Minimum 4 year / bachelor’s degree in cyber security, Computer Science, Information Technology related degree or relevant professional work experience

Certification, Licenses, and Designations

3 years former professional experience in leading and managing security engineering teams, developing security automation and/or SOAR capabilities in support of security incident response, digital forensics, malware analysis or threat intelligence. Experience managing active cybersecurity engagements, including security incident response and digital forensics is also required for this role.

Advanced degrees or certifications in security (CISSP, CISM, GCFE, GCFA, GREM, GBFA, GCIH, CFCE, CCE) or cloud engineering (AWS Certified Security, Azure Security Engineer, Google Professional Cloud Security Engineer, CCNA, MCSE) are a plus.

Other

• Proven track record of success in managing complex engineering initiatives.
• Experience in conducting security investigations in Linux and Windows environments.
• Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
• Proficient scripting/programming skills: PowerShell, Bash, Python, Go, Rust
• Proficiency and experience with CI/CD: Jenkins, GitHub Actions, GitLab CI, Circle CI
• Proficiency and experience with containerization: Docker, Kubernetes
• Experience working with middleware or SOAR platforms: Tines, Splunk, Swimlane Cortex XSOAR
• Experience working with RESTful APIs for security automation.
• Experience with EDR solutions (Defender, SentinelOne, CrowdStrike)
• Experience with threat intelligence platforms or open-source solutions.
• Experience with malware analysis methodologies.
• Experience administering various enterprise grade security tools and databases: SIEM, IAM, EDR, firewalls, IDS/IPS, VPN, data warehouses, DLP
• Experience with data backup and recovery, data replication, and data archival technologies.
• Experience with hypervisor technologies: VMWare, MS Hyper-V
• Strong understanding of legal and regulatory frameworks related to cyber security such as PCI, NIST CSF, or other industry-specific regulations.
• Excellent communication and presentation skills to clearly and concisely communicate complex technical findings to clients and stakeholders.
• Strong leadership abilities to motivate and mentor team members.
• Superior organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
• Knowledgeable of industry changes, legal updates, and technical developments related to applicable area of the Company’s business to proactively respond to changing business environment.
• Advanced proficiency and experience using Microsoft Office package (Excel, Access, PowerPoint, Word).

Additional Working Conditions and Physical Conditions

• Overtime hours may be required to fulfill job responsibilities
• May be required to remain stationary for extended periods of time
• May be required to move up to 10 pounds
• Must be able to operate a computer and other devices
• Close vision and ability to adjust focus, such as required to read a computer screen
• Regular travel (up to 50% of time)