Consultant, DFIR, Reactive Services (Unit 42) - Remote

at Palo Alto Networks

📍 Burbank, United States of America (Remote)
Posted: April 02, 2026
Type: Contract
Experience: mid
Exp. Years: 3+ years
Education: Not specified
Category: Cybersecurity

Palo Alto Networks Unit 42 is seeking a remote DFIR consultant for Reactive Services to support incident response engagements. You will conduct digital forensics across multiple OS, analyze logs, and communicate findings to clients, with travel as needed.

  • Support reactive incident response engagements and digital forensics investigations
  • Perform host-based forensic analysis across Windows, Linux, and macOS to identify IOCs
  • Assist in investigating data breaches using forensic and SIEM/EDR tools
  • Analyze logs from firewalls, endpoints, web, and other systems to identify evidence of compromise
  • Communicate findings effectively to both technical and non-technical audiences with guidance from senior team members

Client-facing DFIR role focused on host-based forensics, IOC identification, and incident containment using EnCase/FTK/Splunk and EDR/SIEM tools on Windows, Linux, and macOS.

The ideal candidate is a mid-level cybersecurity consultant with 3+ years in digital forensics and incident response, hands-on experience with SIEM/EDR tools, and strong client-facing communication skills. Willingness to travel and work remotely is required.

  • 3+ years of experience in digital forensics, incident response, cybersecurity operations, or related field
  • Hands-on experience with at least one of the following: endpoint forensics, log analysis, SIEM, or EDR tools
  • Foundational understanding of operating systems (Windows, Linux, macOS) and common attack vectors
  • Experience analyzing security events and identifying Indicators of Compromise (IOCs)
  • Strong problem-solving skills and ability to work in fast-paced, high-pressure environments

  • Experience with EnCase, FTK, Splunk, CrowdStrike, or similar
  • Familiarity with incident response frameworks and methodologies
  • Understanding of attacker tactics, techniques, and procedures (TTPs)
  • GCFA, GCIH, Security+

EnCase, FTK, Splunk, CrowdStrike, Carbon Black

Digital forensics, Incident response, Cybersecurity operations, Endpoint forensics, Log analysis, SIEM, EDR, EnCase, FTK, Splunk, CrowdStrike, Carbon Black, Windows, Linux, macOS, Indicators of Compromise

Problem-solving, Communication, Fast-paced, Client-facing, Teamwork

Preferred

GCFA, GCIH, Security+

Industry: Cybersecurity
Job Function: Provide client-facing DFIR consulting to investigate and respond to cybersecurity incidents
Role Subtype: Incident Responder
Tech Domains: Windows, Linux, macOS, EnCase, Splunk, SIEM, EDR, Endpoint forensics

Consultant, DFIR, Reactive Services, Unit 42, Remote, incident response, digital forensics, forensics, SIEM, EDR, EnCase, FTK, Splunk, CrowdStrike, Carbon Black, Windows, Linux, macOS, IOCs, Indicators of Compromise, forensics frameworks, GCFA, GCIH, Security+

Less than 3 years DFIR experience, No hands-on with SIEM/EDR tools, Unwilling to travel
