DFIR Lead

Job reference: 1115966
  • Job type: Permanent
  • Location: Remote
  • Profession: Cyber
  • Industry: Technology & Internet Services
  • Pay: $120 - $140 K based on experience

Must have DFIR experience and experience leading a team.

DFIR Lead (Digital Forensic & Incident Response Lead)
Client: Tech Consulting
Role: DFIR Lead
Job Type: Permanent
Location: Remote in Canada/US + 10% Travel

Your New Company
Our client, a very well-known global company, is looking to hire a DFIR Lead for a permanent role.

Your New Role:
• Responsible for being the focal incident response point for all within the organization (Incident Response/Post Breach Remediation/RMS Advisory/MSSP Advisory). This includes being able to provide initial analysis and identification of IOCs, escalation to the appropriate business units and post-incident activities.
• Oversee Incident Response Plans: Design, implement, and manage the client's incident response policies and procedures to ensure preparedness.
• Coordinate Incident Response Teams: Lead cross-functional teams during security incidents, ensuring an organised and timely response.
• Triage and Prioritise Incidents: Assess incidents for severity and potential impact, assigning appropriate resources and setting response priorities.
• Communication: Serve as technical point of contact during an incident, providing updates to internal and external stakeholders.
• Serve as an incident manager, reporting key findings, barriers, escalations and concerns to the Head of DFIR, while liaising with Legal, the Director of Sales and the IRC team.
• Support the Global Head of DFIR with project-based work that advances the output and productivity of the department and organization.
• Maintain and prepare departmental reports for Key Performance Indicators (KPIs) to be presented to the Global Head of DFIR and EVP Sales & Revenue as needed.
• Provide leadership and support to the CERT team, acting as a backup for the Global Head of DFIR during vacations or time off.
• Responsible for supporting a wide number of technologies and being able to proficiently perform advanced troubleshooting on the fly (packet captures, debugs, traffic analysis).
• Work on the continued development of DFIR/CERT and machine investigation lifecycles as part of the ongoing process to enhance IR capabilities, and contribute significantly to the revision of Incident Response and Post Breach Remediation policies, procedures and processes.
• Responsible for developing and documenting Incident Response methods and guidelines for the organization.
• Develop a detailed Incident Response run book of tools, techniques and forensic methods for personnel to utilize during investigations.
• Support the department's DFIR tooling selection process and any proof-of-concept projects.
• Chain of Custody: Ensure that evidence is collected, handled, and preserved in a legally defensible manner, maintaining the chain of custody for potential litigation.
• Perform live-endpoint investigation, including the identification and gathering of key forensic artifacts, offline investigation as needed and providing remediation actions as needed.
• Implement and deploy an Incident Response focused ticketing system to improve incident tracking, remediation and metrics for incidents worked.
• Post-incident Analysis: Conduct root cause analysis after incidents to identify vulnerabilities and develop strategies to prevent recurrence.
• Recovery Support: Work closely with IT and cybersecurity teams to guide recovery efforts, including system restoration and remediation.
• Responsible for working with third parties to assist with incident response, business email compromise and security breach investigations, recommendations and remediation, and to improve overall security.
• Responsible for reporting security metrics related to the Incident Response team.
• Provide mentoring to team members on incident response techniques and methodologies.
• Assist Sales and the SOC in the successful conversion from incident response, PBR, RMS and eDiscovery engagements to SOC, including process and procedure build-out.
• Develop and provide high-level technical reports in response to clients.
• Develop and provide high-level business unit specific KPIs to senior management.
• Develop and provide metrics surrounding the department's utilization, engagement timelines, profitability and billing.
• Support Incident Response Coordinator (IRC) workflows.
• Incident Response Metrics and Reporting: Track and report key performance indicators (KPIs) and metrics related to incident response and digital forensics to senior leadership.
• Budget and Resource Management: Oversee the allocation of resources, including personnel, tools, and budgets, to effectively manage incident response and forensics operations.
• Understand the process for time tracking and auditing that supports budget and resource management.
• Create and maintain an enhanced onboarding program that is concise and repeatable, effectively covering all aspects of the CERT role.
• Serve as a member of a 24x7/365 service delivery team that handles incident response, post breach remediation and escalation; required to perform complex investigations and/or troubleshooting and drive root cause to resolution.
• Incident Response Training: Organise and lead training sessions and simulations (e.g., tabletop exercises) for CERT staff to improve readiness and response capabilities.
• Client Education: Raise awareness across external organisations about digital forensics, incident response protocols, and security best practices.
• All activities and responsibilities will be required to provide support to the Global CERT team and are not limited to one region.
• Maintain and manage AWS instances to ensure timely deletion and removal of data to minimize company and customer fees/overages.

What You’ll Need to Succeed:
• Minimum 6 - 7 years of experience in Incident Response
• Experience in conducting Tabletop Exercises in Incident Response
• Experience in the deployment and management of EDR Technology
• Experience with Security Technologies and NIST Framework
• Experience developing, documenting and implementing incident response methods and processes
• Perform live endpoint investigations
• Experience in forensic investigations both on-premises and in the cloud
• Experience in mentoring, and in developing and delivering in-house training
• Must be available to provide coverage to meet business requirements in 3 regions
• Strong knowledge of DFIR Tools
• Strong knowledge of virtualization technologies, operating systems, firewalls, VPNs, SIEM, enterprise gateway technologies, networking devices, security technologies, etc.

What You’ll Get in Return
The client is offering a permanent opportunity with benefits.

Interested?
If you’re available and interested in this role, please reply to Shivangi.gupta@hays.com as soon as you can attaching your updated resume.
