Senior Digital Forensic Investigator

The Senior Digital Forensic Investigator serves as a tactical arm of eSentire’s Incident Response team. The main function of this role is to drive deep expertise and experience in incident response and digital forensics engagements. As a top tier operator, the position handles the most volatile and complex casework while ensuring optimum quality of service and responsiveness. Casework spans from financially motivated data breaches to state-affiliated espionage and ideology-driven attacks aimed at information gathering, manipulation, and disruption. Real domain expertise, mixed with the ability to execute and mastery of relevant technologies, must produce investigative conclusions that withstand scrutiny in a court of law.

The position operates in close coordination with eSentire’s SOC and customer success management teams to drive fast mobilization, source identification, containment, and quantification of informational losses in response to cyber attacks in motion. Incident Response work is an extremely demanding role. Cyber attacks don’t follow a schedule. Our team must be available when they happen. As a result, our team members are often called upon to work outside regularly scheduled work hours, through weekends and holidays, with little notice. When it’s not busy, we encourage our team members to make the most of that time and catch up on their personal business. Please give this some thought before you apply; this is a demanding and equally rewarding job, but it’s not for everyone.

Responsibilities:

• Drive deep domain expertise in cyber incident response and digital forensics engagements.
• Serve as case lead in the most demanding and volatile cyber investigations.
• Be a tactical force multiplier for all open and active investigations.
• Overlay with Customer Service Management and SOC teams to optimize quality of service.
• Own and manage all aspects of assigned incident response engagements.
• Be responsive to the customer’s voice and feedback.
• Strive for attention to detail and excellence in service delivery.
• Assist in scoping assignment activities as needed.
• Continually research and develop new methods and approaches to improve service delivery.
• Provide support and mentoring to junior level staff.
• Work rotating shifts and be available on an on-call basis as required.
• Be prepared to work, as required, for extended periods outside of regularly scheduled hours, including weekends and holidays.
• Be prepared to travel for short periods and work onsite at client locations throughout the United States and Canada, as required.

Requirements:

• A four-year degree in a relevant discipline and eight to ten years of DFIR experience.
• Experience acting in an IR consultant capacity, particularly in the investigation and remediation of polymorphic trojans and modern ransomware variants, conducting cloud-based investigations in AWS, GCP, Azure, and SaaS environments.
• Mastery of threat hunting using forensics at scale tooling and conducting web-based intrusion investigations.
• Extensive experience in one or more mainstream forensics tools such as EnCase, FTK, Axiom, X-Ways, etc.
• In lieu of education requirements, a military or law enforcement background with ten or more years of relevant work experience is acceptable.
• Demonstrable expertise in Digital Forensics Incident Response Investigations.
• Strong working knowledge of information security fundamentals.
• Working knowledge and hands-on experience with the following cybersecurity tools and technologies:

• Endpoint Detection and Response (EDR): CrowdStrike, SentinelOne, Microsoft Defender for Endpoint (MDE).
• Security Information and Event Management (SIEM): Splunk, Sumo Logic, IBM QRadar, Microsoft Sentinel.
• Firewall & VPN Logging Analysis: FortiGate, SonicWall, Meraki, WAF.
• Mass Forensic Triage Tools: Velociraptor, KAPE, Hayabusa.
• Active Directory Analysis Tools.