
Principal Consultant, Cloud DFIR
Posted 1 hour ago

This is a fully remote position, open to applicants in Pennsylvania.
• Oversee incident response and digital forensics initiatives with a focus on cloud technology.
• Examine attacks related to cloud systems, identity breaches, ransomware, data theft, and unauthorized access.
• Evaluate cloud telemetry, which includes audit logs, IAM activities, network traffic, storage access, containers, and endpoint information.
• Perform forensic acquisition and analysis within cloud, hybrid, and enterprise settings.
• Act as a technical lead during ongoing investigations, directing strategy and client interactions.
• Provide clear findings, produce executive-ready reports, and offer remediation recommendations.
• Assist in the development of methodologies, playbooks, and tools for cloud investigations.
• Mentor team members and promote knowledge sharing within Unit 42.
• 6–8+ years of experience in DFIR, incident response, cloud security, or related fields in cybersecurity.
• 3+ years of practical experience in securing, operating, or investigating AWS, Azure, or GCP environments.
• Proven experience leading investigations into cloud breaches, ransomware, advanced intrusions, or data compromise incidents.
• In-depth understanding of cloud architecture, IAM, networking, logging, and security measures.
• Familiarity with analyzing cloud-native telemetry such as AWS CloudTrail, Azure Activity Logs, Microsoft Entra ID, or Google Cloud Audit Logs.
• Practical experience with industry-standard DFIR and investigative tools.
• Experience in investigating Windows, Linux, macOS, cloud workloads, and hybrid setups.
• Excellent communication and consulting skills in client-facing situations.
• Employee benefits may be found here.