Digital Forensics and Incident Response Consultant

Confidential Company  •  Virtual / Travel and 5 other locations

5 - 7 years experience  • 

Salary depends on experience
Posted on 05/18/18
Confidential Company
Virtual / Travel
5 - 7 years experience
Salary depends on experience
Posted on 05/18/18


  • Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems; Windows, Mac and Linux
  • Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
  • Knowledge of and the ability to use popular EDR technologies during DFIR engagements
  • Experience analyzing a myriad of system and network logs using Splunk and/or ELK
  • Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
  • Ability to analyze PCAP data
  • Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
  • Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
  • Ability to be client facing by interacting with our clients and their executive leadership
  • Creative problem-solving abilities and an analytic and qualitative eye for reasoning
  • Self-starter with a knack for taking initiative and “getting things done”
  • Must have a passion for your work and an ability to apply that passion to both daily tasks and larger projects
  • Ability to work with a remote team via collaboration tools (Chat, Email, and Video Conferences)
  • Strong documentation skills, ability to write executive and technical DFIR reports
  • Ability to prioritize and complete multiple tasks with little to no supervision
  • Intellectual curiosity, humility, accountability and positive approach
  • Ability to work independently with substantial latitude for action and decision while maintaining focus on achieving optimal outcomes as part of a collaborative development effort
  • Willingness to travel 20% - 25% of the time on short notice
  • Work remote (from home) while not traveling


  • At least 3+ years of hands on client facing consulting experience or 5+ years of DFIR experience in a non-consulting environment
  • Proficient in either Python, Powershell and/or Go. Bonus points if you have a GitHub page.
  • Experience creating dashboards, writing Logstash filters, and performing complex searches within ELK
  • Experience writing Suricata rules with an emphasis on performance
  • Experience managing Bro installations and writing Bro scripts
  • Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
  • When an existing technology and/or process doesn’t exist to do something, you want, you are the kind of person that takes initiative and builds the technology or process


Not the right job?
Join Ladders to find it.
With a free Ladders account, you can find the best jobs for you and be found by over 20,0000 recruiters.