Qureos


Role Summary


We are looking for an Incident Response Engineer (Telco) with strong hands-on experience in host-based investigations, compromise assessments, and forensic triage across diverse platforms. The ideal candidate will be capable of conducting investigations in Windows, Linux, and Unix environments, with additional exposure to container-based infrastructures.


Key Responsibilities


  • Perform compromise assessments and large-scale artifact triage across Windows and Linux endpoints and servers.
  • Lead and support host-based investigations, including log analysis, timeline reconstruction, and malware behavior identification.
  • Utilize, customize, and optimize UAC scripts or related automated investigation tools.
  • Conduct incident response activities in containerized environments such as Docker and Kubernetes, including analysis of container logs, images, and runtime behavior.
  • Investigate security incidents and perform forensic analysis on Unix-based systems.
  • Coordinate with SOC, threat intelligence, and platform teams during incident containment and remediation.
  • Document investigation findings, root cause analysis, and technical recommendations.


Required Skills & Experience


  • Must-Have Experience: Telecom industry Fraud & Security Analyst, Network Forensics Analyst or SOC Analyst (Telecom), Cyber Security Analyst (Telecom / SOC).
  • Hands-on experience in compromise assessment and enterprise-scale artifact triage.
  • Strong background in host-based investigations across Windows, Linux, and Unix platforms.
  • Practical experience using or customizing UAC scripts or similar automation tooling.
  • Exposure to container ecosystems (Docker/Kubernetes) and their IR workflows.
  • Working knowledge of DFIR tools (KAPE, Sysinternals, Velociraptor, OSQuery, ELK/Splunk, etc.).
  • Understanding of malware behavior, persistence techniques, and endpoint telemetry.
  • Strong analytical, communication, and reporting skills.
  • 9 - 12 years of experience required


Preferred Qualifications


  • Certifications such as GCIH, GCFA, GCFE, CHFI, or relevant security credentials.
  • Familiarity with cloud environments (AWS, Azure, GCP) is a plus.
  • Scripting knowledge (Python, PowerShell, Bash) is beneficial for automation.
  • Bachelor’s degree in Telecommunication Cybersecurity, Computer Science, or Information Technology.
  • Experience in the Telecom industry is a must.
