DFIR Specialist (incident response)

Job Summary:

The DFIR Specialist is responsible for investigating cybersecurity incidents, performing digital forensic analysis, and leading incident response activities. The role focuses on identifying the root cause of security breaches, analyzing compromised systems, and supporting containment, eradication, and recovery efforts to minimize business impact.

Key Responsibilities:

Incident Response

  • Lead and support end-to-end incident response activities
  • Identify, contain, eradicate, and recover from security incidents
  • Coordinate with SOC, IT, and infrastructure teams during incidents
  • Develop incident timelines and impact assessments

Digital Forensics

  • Perform forensic analysis on endpoints, servers, and network devices
  • Collect, preserve, and analyze digital evidence in a forensically sound manner
  • Investigate malware infections, unauthorized access, and data breaches
  • Analyze disk images, memory dumps, logs, and artifacts

Threat Analysis & Root Cause Investigation

  • Identify attack vectors, threat actors, and compromised assets
  • Perform deep-dive analysis of security incidents
  • Reconstruct attack chains (kill chain analysis)
  • Provide root cause analysis (RCA) reports

Tools & Technologies

  • Use forensic tools such as FTK, EnCase, Autopsy, Volatility, and Wireshark
  • Work with SIEM tools (Splunk, QRadar, Microsoft Sentinel)
  • Utilize EDR tools (CrowdStrike, SentinelOne, Defender for Endpoint)

Reporting & Documentation

  • Prepare detailed forensic investigation reports
  • Document incident findings, evidence logs, and remediation steps
  • Maintain chain-of-custody for all digital evidence
  • Contribute to incident response playbooks and SOPs

Threat Intelligence & Prevention

  • Collaborate with threat intelligence teams to identify emerging threats
  • Recommend preventive controls and security improvements
  • Support vulnerability remediation tracking

Required Skills & Qualifications:

Education:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or related field

Technical Skills:

  • Strong understanding of operating systems (Windows, Linux, macOS)
  • Knowledge of file systems, memory structures, and network protocols
  • Experience with forensic investigation methodologies
  • Familiarity with malware analysis basics

Security Expertise:

  • Incident response lifecycle (NIST SP 800-61 or the SANS PICERL model: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)
  • Digital forensic principles and evidence handling
  • Cyberattack techniques (phishing, ransomware, lateral movement, privilege escalation)

Tools Experience:

  • Forensics tools (FTK, EnCase, Autopsy, Volatility)
  • SIEM platforms (Splunk, QRadar, Sentinel)
  • EDR solutions (CrowdStrike, Defender, SentinelOne)

Soft Skills:

  • Strong analytical and investigative mindset
  • Ability to work under pressure during active incidents
  • Attention to detail and documentation accuracy
  • Strong communication and reporting skills

Preferred Certifications:

  • GCFA (GIAC Certified Forensic Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • CEH (Certified Ethical Hacker)
  • CHFI (Computer Hacking Forensic Investigator)
  • CompTIA Cybersecurity Analyst (CySA+)

Work Environment:

  • High-pressure cybersecurity operations environment
  • May require on-call or rotational incident response support
  • Exposure to critical and sensitive security incidents

Job Type: Full-time

Application Question(s):

  • Current Salary
  • Expected Salary
  • Notice Period

Experience:

  • DFIR Specialist: 5 years (Preferred)

Work Location: In person

© 2026 Qureos. All rights reserved.