Principal DFIR Consultant

At Thales, we know technology has the ability to make our world more secure, sustainable, and inclusive – and that it’s all driven by human intelligence.

Because it takes human intelligence to build and power the systems and solutions that people depend on every day. So we stay curious and make space for diverse points of view. We share what we know and we challenge what’s possible.

From manufacturing and engineering to cybersecurity and space, we’re driving progress in some of the world’s most important industries – and working together to build a future we can all trust.

Role Overview:

A Principal DFIR Consultant (Digital Forensics and Incident Response) is responsible for leading the delivery of large and complex investigations/responses, developing and maintaining technical capabilities, and training/mentoring junior staff. The Principal DFIR Consultant drives technical excellence and research for the DFIR practice and can take a leading role in the operational elements of the investigation. This role combines the practices of digital forensics and incident response to assist our customers in the successful containment and eradication of a major security threat. The Principal DFIR Consultant is responsible for conducting research and development, ensuring the tools and procedures used by the DFIR team are on the cutting edge of technical excellence, and applying these to the delivery of client work.

The Principal DFIR Consultant may also be responsible for liaising with customers, third party providers, law enforcement, legal and insurance firms.

About You:

As the foremost technical expert in DFIR at Tesserent, you will be comfortable taking a substantive role in technical leadership of engagements with a minimal amount of supervision. You should be confident in high-pressure situations, detail oriented, and able to collaborate effectively with the relevant teams to deliver a good outcome for our clients. You should be inquisitive and a keen researcher, attentive to the ever-changing landscape of security, and be proactive about improving the tools and methodologies used by the team. You should enjoy mentoring and educating your colleagues to ensure we are best skilled and equipped for our engagements.
 

Accountabilities:

• Develop and maintain the technical capabilities of the DFIR team, including research and development, tool and methodology uplift, and education/mentorship of the team to ensure a high standard of excellence

• Assist with building and maintaining relevant compute, storage, and networking infrastructure to support the DFIR team’s requirements

• Independently manage and deliver technical aspects of client engagements, including scoping, managing analyst efforts, and reporting to a high standard

• Demonstrate strong understanding of incident response, threat intelligence, and forensic investigation concepts and methodologies, applying these to engagement delivery as well as the strategy for technical uplift

• Interface and communicate effectively with clients at a variety of levels, as well as other stakeholders to deliver engagements and internal development projects
   

Business Skills:

• Excellent written and verbal skills to clearly explain concepts to diverse stakeholders

• Identifying and articulating security advice across all levels of an organisation

• Ability to articulate desired state outcomes for clients, particularly in complex circumstances such as active incidents
   

Leadership Skills:

• Must be open minded and forward thinking in terms of vision for the business and team culture

• Must effectively mentor and develop junior staff, particularly through challenging or complex engagements such as active incidents

Interpersonal & Intrapersonal Skills:

• Ability to speak about security confidently and accurately and to recommend security controls to experienced security professionals and executives

• Ability to work as a team, including collaboration with other Tesserent practices, to achieve common goals in both client facing and internal matters

• Flexibility and motivation to work across a variety of engagements

• Passionate, patient, and professional in navigating challenging situations such as active incidents

Knowledge & Experience:

• A Bachelor's degree in Information Security, Computer Science, or a related field is preferred but not essential.

• Minimum of 3 years experience in DFIR, with 5 total years experience in cybersecurity

• Has demonstrated technical experience across a variety of cybersecurity concepts

• Has demonstrated research and development experience directly pertinent to DFIR or related areas

• Has demonstrated software, systems, and network development experience

• Has demonstrated experience in mentorship and skills development

• Has demonstrated client facing experience, preferably during challenging situations such as active incidents

• Strong written and verbal communication skills to clearly explain concepts

• Open-minded and forward-thinking in terms of vision for the business and team culture

• Ability to work as a team with decisions made to support moving toward common goal

• Professional certifications are an advantage

It’s easy to dismiss the perfect opportunity if you don’t see yourself as the perfect fit. If this role feels right – no matter your background or personal circumstances – please introduce yourself or join our community. We’re committed to supporting a diverse workplace, and that starts here.

We’re proud to be endorsed by WORK180 as an Employer for All Women, but we know there’s always more we can do. We’ll continue to foster industry partnerships, employee resource groups (ERGs) and development opportunities to make Thales a genuinely equitable employer, for everyone.

Read more about our WORK180 endorsement.