Responsibilities
- Provide oversight on high-severity or technically complex investigations, ensuring analytical accuracy and readiness for client discussions.
- Lead critical incident response engagements, including ransomware, APT and nation-state intrusions, and insider threat cases, with a focus on clear communication and investigative excellence.
- Perform in-depth host-based forensics, network traffic analysis, malware triage and reverse engineering, cloud environment investigations, and threat actor profiling.
- Serve as a senior-level support resource during peak demand periods, managing multiple active investigations simultaneously.
- Develop, refine, and document standardized investigation methods, playbooks, and procedures to elevate team-wide performance.
- Mentor senior consultants and analysts in technical problem-solving, client interaction, and career growth.
- Support the development of future incident response leaders within the organization.
- Conduct internal training, publish technical content, share post-engagement insights, and expand institutional knowledge.
- Evaluate existing tools and workflows to identify inefficiencies and implement automated solutions, scripts, or integrations.
- Assist in recruiting by participating in candidate evaluations, technical interviews, and skill assessments.
- Establish and maintain trusted advisory relationships with key clients, especially during major security incidents.
- Support business development through technical scoping, proposal creation, statement of work reviews, and client-facing presentations.
- Represent the organization at industry events and through published research, webinars, and active participation in the DFIR community.
- Remain available beyond regular working hours to respond to urgent incidents and team escalations.
- Participate in scheduled on-call rotations commensurate with senior-level responsibilities.
- Identify and resolve deficiencies in team operations, investigation quality, or client service delivery.
- Model professional conduct, responsiveness, and accountability for the broader team.
Work Arrangement
Remote (Worldwide) — Anywhere in the U.S.
Other
- Maintaining consistent availability outside standard business hours for high-severity incident surges and team escalations.
- Participating in on-call rotation as appropriate for seniority.