This is a fully remote position, open to applicants in California.

• Oversee digital forensics and incident response investigations within enterprise settings.

• Act as a technical authority during incident response operations.

• Execute investigations on hosts, networks, and cloud systems to uncover root causes, attacker behavior, and the extent of compromise.

• Conduct forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry.

• Apply industry-standard DFIR tools and methodologies to aid in incident containment and recovery efforts.

• Provide comprehensive findings and remediation recommendations to clients and stakeholders.

• Assist in the creation of DFIR playbooks, tools, and investigative approaches.

• Guide team members and promote knowledge sharing across Unit 42.

• A bachelor's degree or equivalent practical experience.

• 6–8+ years of experience in DFIR, incident response, security operations, or related fields in cybersecurity.

• Proven experience in investigating ransomware, intrusion activities, and other large-scale security incidents.

• In-depth knowledge of forensic acquisition, evidence management, and investigative techniques.

• Practical experience with DFIR tools such as EnCase, FTK, SleuthKit, Volatility, or similar frameworks.

• Proficient in investigating environments across Windows, Linux, and macOS.

• Excellent analytical, problem-solving, and communication skills, especially in client interactions.

• Employee benefits

• Opportunity for professional development

• Flexible work arrangements

Principal Consultant, DFIR, Reactive Services – Weekend Shift

People also viewed