
Principal DFIR Consultant
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Assume the Oversight role for complex or high-severity projects, reviewing findings prior to client discussions, providing in-depth technical insights, anticipating client inquiries, and ensuring the quality of analysis and deliverables.
• Take on the role of engagement Lead for the most intricate or sensitive investigations (such as ransomware, APT, nation-state, and insider threats), establishing standards for client communication and investigative thoroughness.
• Perform advanced host forensics, network analysis, malware reverse engineering/triage, cloud forensics, threat actor attribution, and intelligence-driven investigations.
• Act as a reliable surge resource for the team during peak volume periods, offering senior-level support across multiple concurrent engagements.
• Develop, document, and sustain DFIR investigation methodologies, playbooks, and SOPs that elevate the baseline quality for the entire practice.
• Actively mentor Senior Consultants and Analysts; provide direction on technical challenges, client relations, and professional growth. Contribute to developing the next generation of DFIR leaders.
• Lead internal training sessions, author technical blog posts and research, document lessons learned, and enhance the team's collective knowledge base.
• Identify shortcomings in existing tools and processes; create and implement automation, scripts, or integrations to enhance investigative efficiency across the team.
• Engage in candidate screening, technical interviews, and skills assessments to assist in building a high-quality team pipeline.
• Cultivate deep, trusted relationships with key clients and stakeholders; act as a credible senior voice during critical incidents.
• Assist in pre-sales activities, including technical scoping, proposal creation, SOW review, and client presentations for DFIR, Compromise Assessment, and IR Advisory engagements.
• Represent GuidePoint Security externally through conference presentations, webinars, publications, and active engagement with the broader DFIR community.
• Over 8 years of hands-on DFIR experience, encompassing complex incident response and forensic investigations.
• More than 10 combined years of IT and information security experience.
• Proven experience in a Lead or senior technical capacity on high-severity engagements (ransomware, APT, nation-state, or insider threat).
• Expert-level proficiency in various DFIR disciplines: host forensics, network forensics, log analysis, malware triage, cloud IR, and BEC investigations.
• Outstanding written and verbal communication skills; capable of presenting intricate technical findings to executive and legal audiences.
• Established history of mentoring and developing junior and mid-level technical personnel.
• Experience in developing or contributing to DFIR methodologies, playbooks, or tooling.
• Primarily remote workforce (U.S. based only, some travel may be necessary for specific positions, and on-site work may be required for Federal roles).
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint covers 90% of the premium for employees and 70% for family plans (spouse/children/family)) or High Deductible Health Plan with HSA (GuidePoint pays 100% of employee premiums and 75% for family plans (spouse/children/family)). If opting for the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments ($850 per employee annually / $1750 per family annually; includes spouse/children/family options).
• Group Dental Insurance: GuidePoint covers 100% of the premium for employees and 75% for family plans.
• 12 corporate holidays and a Flexible Time Off (FTO) program.
• Healthy mobile phone and home internet allowance.
• Eligibility for retirement plan after 2 months at open enrollment.
• Pet Benefit Option.