Digital Forensics and Incident Response Consultant

Cylance

Virtual / Travel

5 - 7 years

Posted 187 days ago

This job is no longer available.


  • Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems: Windows, Mac and Linux
  • Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
  • Knowledge of and the ability to use popular EDR technologies during DFIR engagements
  • Experience analyzing a myriad of system and network logs using Splunk and/or ELK
  • Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
  • Ability to analyze PCAP data
  • Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
  • Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
  • Ability to be client-facing by interacting with our clients and their executive leadership
  • Creative problem-solving abilities and an analytic and qualitative eye for reasoning
  • Self-starter with a knack for taking initiative and “getting things done”
  • Must have a passion for your work and an ability to apply that passion to both daily tasks and larger projects
  • Ability to work with a remote team via collaboration tools (Chat, Email, and Video Conferences)
  • Strong documentation skills, ability to write executive and technical DFIR reports
  • Ability to prioritize and complete multiple tasks with little to no supervision
  • Intellectual curiosity, humility, accountability and positive approach
  • Ability to work independently with substantial latitude for action and decision while maintaining focus on achieving optimal outcomes as part of a collaborative development effort
  • Willingness to travel 20% - 25% of the time on short notice
  • Work remote (from home) while not traveling


  • At least 3+ years of hands-on, client-facing consulting experience or 5+ years of DFIR experience in a non-consulting environment
  • Proficient in Python, PowerShell and/or Go. Bonus points if you have a GitHub page.
  • Experience creating dashboards, writing Logstash filters, and performing complex searches within ELK
  • Experience writing Suricata rules with an emphasis on performance
  • Experience managing Bro installations and writing Bro scripts
  • Experience performing DFIR investigations in cloud environments (Azure, O365, AWS, and Google)
  • When an existing technology or process doesn’t exist to do something you want, you are the kind of person who takes the initiative and builds that technology or process