As a Director, you will lead teams of professionals working high-stakes, high-profile incident response investigations for our clients, as well as perform hands-on analyses yourself. You are expected to bring significant experience in the cybersecurity and technical consulting industries to bear on your casework. You will scope, coordinate, oversee, and conduct analyses on client engagements, which necessarily requires familiarity with ever-evolving technologies. As a leader within the DFIR practice, you will have direct impact on and appropriate responsibility for the quality of work produced by the practice, as well as for identifying and implementing appropriate measures to protect our long-standing reputation as a best-in-class provider of DFIR services.
Incident Response Investigations
Lead client engagement efforts from initial scoping calls to report delivery, including developing budgets and working with Engagement Managers to provide regular status updates.
Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. This includes the ability to perform host-based and network-based analysis and lead investigative teams.
Counsel clients in distress and provide guidance around containment and remediation measures across all major operating systems and network device platforms.
Produce high-quality oral and written work product presenting complex technical issues clearly and concisely.
Ensure that client matters are staffed adequately and efficiently and that agreed deadlines are met.
Liaise with external stakeholders, including counsel, vendors, and law enforcement agencies.
Draft and conduct peer review of expert reports, affidavits, and other expert testimony, as necessary.
Actively support the mentorship and technical development of junior DFIR personnel.
Supervise other DFIR staff, including coordinating teams of experts, assuring stellar work product, and assisting with performance reviews and mentorship of cybersecurity experts.
Seek opportunities to broaden expertise of DFIR personnel through in-house and outside training.
Ensure the smooth functioning of the forensic laboratory under your direct supervision (if applicable); foster teamwork, information sharing, and inter-office collaboration and consistency.
Collaborate with Marketing and other stakeholders on collateral and thought leadership content.
Participate in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cybersecurity and preparedness.
You Bring Knowledge and Expertise
7+ years of sustained excellence in the Incident Response industry.
Strong work ethic and even stronger analytic, quantitative, and creative problem-solving abilities.
Outstanding client service skills and a high level of professionalism.
Ability to anticipate and respond to changing priorities and operate effectively in a dynamic, demand-based environment, requiring flexibility and responsiveness to client matters and needs.
Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
Proficiency with industry-standard forensic toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite/UFED, and FTK.
Experience with conducting log analysis of various types of logs, including Windows Event Logs, Apache, IIS, and firewall logs.
Clarity in written and oral communication.
Confidence, humility, and a commitment to learning and teaching others in a collaborative environment of talented high performers.
Comfort with intermittent periods of significant travel, evening and weekend hours.
GCFE, GCIH, CCE, EnCE or equivalent digital forensics / incident response certification.
Experience with enterprise cloud infrastructures such as Amazon Web Services, G Suite, Office 365, and Azure.
Proficiency with database querying and analysis.
Interest in building intellectual capital for the firm by writing blogs, submitting to CFPs, and creating internal tools for analysis.
Bachelor’s degree required.