Position Details

Type Full-Time

Experience lead

Exp. Years 6–8 years

Education Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent practical experience

Category Cybersecurity

About this role

Lead DFIR consultant delivering expert incident response and digital forensics services to clients, guiding investigations and providing actionable remediation guidance across enterprise environments.

Key Responsibilities

Lead and execute digital forensics and incident response investigations across enterprise environments
Serve as a technical lead on incident response engagements
Conduct advanced host, network, and cloud investigations
Perform forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry
Provide clear technical findings and remediation guidance

Technical Overview

Hands-on DFIR tooling (EnCase, FTK, SleuthKit, Volatility) across Windows/Linux/macOS; experience with MITRE ATT&CK and enterprise incident response; strong client-facing and mentorship capabilities.

Ideal Candidate

The ideal candidate is a lead DFIR professional with 6+ years of incident response and digital forensics experience, able to lead complex investigations, guide clients, and mentor junior staff. They should be proficient with common DFIR tools and MITRE ATT&CK-aligned methodologies, and comfortable working remotely with client-facing engagements.

Must-Have Skills

Bachelor’s degree in Computer ScienceInformation Securityor related field or equivalent practical experience6–8 years of hands-on DFIR experienceExperience investigating enterprise-scale security incidentsStrong understanding of forensic methodologies and evidence handlingHands-on DFIR tools

Nice-to-Have Skills

Experience with cloud/hybrid environmentsMITRE ATT&CK knowledgeMalware triage or reverse engineeringConsulting or managed service experienceSecurity certifications (GCFAGCFECISSPGCIH)

Tools & Platforms

EnCaseFTKSleuthKitVolatility

Required Skills

Digital forensicsincident responseforensic analysisevidence handlingchain-of-custodyEnCaseFTKSleuthKitVolatilityWindowsLinuxmacOSMITRE ATT&CKGCFAGCFEGCIHCISSP

Hard Skills

Digital forensicsIncident responseForensic analysisEvidence handlingChain-of-custodyEnCaseFTKSleuthKitVolatilityWindowsLinuxmacOSMITRE ATT&CKGCFAGCFEGCIHCISSP

Soft Skills

LeadershipClient communicationMentorshipStrategic thinkingProject management

Certifications

Required

GCFAGCFEGCIHCISSP

Industry & Role

Industry Cybersecurity

Job Function Deliver expert DFIR and incident response services to clients as a senior consultant

Role Subtype Incident Responder

Tech Domains Cybersecurity, Windows, Linux, macOS, EnCase, FTK, SleuthKit, Volatility

Keywords for Your Resume

Principal ConsultantReactive ServicesUnit 42DFIRdigital forensicsincident responseforensic analysisroot causechain-of-custodyEnCaseFTKSleuthKitVolatilityWindowsLinuxmacOSMITRE ATT&CKGCFAGCFEGCIHCISSPGCFA GCFE GCIH CISSP

Deal Breakers

Lack of 6+ years DFIR experience, Inability to travel up to 20%

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile

Principal Consultant, DFIR, Reactive Services (Unit 42)

Get matched to jobs like this