DescriptionThe RoleWe are seeking a highly skilled and motivated
Incident Response Expert to join our elite global team. In this role, you will lead and participate in complex forensic investigations and incident response engagements involving sophisticated cyberattacks, ransomware events, and nation-state activity. Your expertise will play a critical role in helping Sygnia's clients understand, contain, and recover from cyber incidents while preserving business continuity and mitigating risk.
What You'll Do- Work with a team to conduct end-to-end forensic investigations, including log analysis, host and network forensics, malware triage, and memory analysis.
- Support response efforts for major cybersecurity incidents, collaborating closely with internal and external security and IT teams.
- Perform threat hunting activities in client environments to detect and eliminate advanced persistent threats.
- Identify Indicators of Compromise (IOCs) and attacker Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK.
- Analyze a wide variety of data sources (endpoint, network, SIEM, etc.) to build a clear picture of the attacker's actions and impact.
- Leverage and contribute to Sygnia's internal investigation tools, playbooks, and threat intelligence platforms.
- Communicate investigation results effectively to both technical stakeholders and executive leadership.
- Develop and present high-quality technical reports, timelines, and strategic recommendations to clients.
- Support the continuous improvement of internal methodologies, tooling, and knowledge sharing within the team.
RequirementsWhat We're Looking For- 3+ years of hands-on experience in incident response, digital forensics, threat hunting, or cyber investigations-whether from the private sector, military, or government.
- Deep technical understanding of operating systems (Windows, Linux, macOS), file systems, registry and memory structures, and log analysis.
- Proficiency in network fundamentals and common protocols (DNS, HTTP/S, SMB, etc.) and network traffic analysis (e.g., PCAP review).
- Experience with tools such as EnCase, X-Ways, FTK, Velociraptor, Splunk, or Wireshark, and EDR platforms like CrowdStrike, SentinelOne, or Microsoft Defender.
- Competency in scripting or automation (e.g., Python, PowerShell) to support investigations.
- Familiarity with cloud environments (AWS, Azure, GCP) and related forensic techniques is a plus.
- Excellent written and verbal communication skills; able to clearly convey complex technical topics to diverse audiences.
- Strong analytical thinking, attention to detail, and ability to work under pressure in time-sensitive environments.
- Willingness to travel.
Bonus Points For- Industry-recognized certifications (e.g., GCFA, GCIH, GNFA, GCIA, GREM, CISSP).
- Experience responding to ransomware, business email compromise (BEC), and advanced threat actor incidents.
- Experience presenting findings to legal counsel, regulators, or board-level stakeholders.
- Multilingual skills and experience in multinational or cross-cultural environments.
- A degree in Computer Science, Information Security, or a related field; or equivalent education or training in cybersecurity
