✦ Luna Orbit — Cybersecurity

Consultant, DFIR, Reactive Services (Unit 42) - Remote

at Palo Alto Networks

📍 Burbank, United States of America · Remote · Posted April 02, 2026
Type: Contract
Experience: mid
Exp. Years: 3+ years
Education: Not specified
Category: Cybersecurity

Palo Alto Networks Unit 42 is seeking a remote DFIR Consultant to support reactive incident response engagements, perform digital forensics, and collaborate with clients to improve security posture. Approximately 30% travel to client sites is required.

  • Support reactive incident response engagements and digital forensics investigations
  • Perform host-based forensic analysis across Windows, Linux, and macOS to identify IOCs
  • Assist in investigating data breaches using forensic and SIEM/EDR tools
  • Analyze logs from firewalls, endpoints, and web systems to identify evidence of compromise
  • Communicate findings clearly to technical and non-technical audiences; travel as needed

Client-facing DFIR role focusing on host-based forensics, IOC detection, and investigation using EnCase/FTK/Splunk and EDR/SIEM tools across Windows, Linux, and macOS environments.

Ideal candidates are cybersecurity consultants with at least 3 years in digital forensics and incident response, hands-on experience with SIEM/EDR tools, and strong communication skills for client-facing engagements. Travel is expected (~30%).

  • 3+ years of experience in digital forensics, incident response, cybersecurity operations, or related field
  • Hands-on experience with at least one of the following: endpoint forensics, log analysis, SIEM, or EDR tools
  • Foundational understanding of operating systems (Windows, Linux, macOS) and common attack vectors
  • Experience analyzing security events and identifying Indicators of Compromise (IOCs)
  • Strong problem-solving skills and ability to work in fast-paced, high-pressure environments

  • Experience with EnCase, FTK, Splunk, CrowdStrike, or similar
  • Familiarity with incident response frameworks and methodologies
  • Understanding of attacker tactics, techniques, and procedures (TTPs)
  • GCFA, GCIH, Security+

EnCase, FTK, Splunk, CrowdStrike, Carbon Black

Digital forensics, Incident response, Cybersecurity operations, Endpoint forensics, Log analysis, SIEM, EDR, EnCase, FTK, Splunk, CrowdStrike, Carbon Black, Windows, Linux, macOS, Indicators of Compromise
Problem-solving, Communication, Fast-paced, Client-facing, Teamwork

Preferred

GCFA, GCIH, Security+

Industry: Cybersecurity
Job Function: Deliver client-facing DFIR consultancy to investigate and respond to cybersecurity incidents
Role Subtype: Incident Responder
Tech Domains: Windows, Linux, macOS, EnCase, Splunk, SIEM, EDR, Endpoint forensics
Consultant, DFIR, Reactive Services, Unit 42, Remote, incident response, digital forensics, forensics, SIEM, EDR, EnCase, FTK, Splunk, CrowdStrike, Carbon Black, Windows, Linux, macOS, IOCs, Indicators of Compromise, forensics frameworks, GCFA, GCIH, Security+

Less than 3 years in digital forensics/IR, No hands-on with SIEM/EDR tools, Unwilling to travel ~30%
