Cybersecurity DFIR Specialist

SG, Singapore

Job Description: Cybersecurity DFIR Specialist

==================================================



Employment Type: Full-time / Permanent

Experience Level: Mid-Senior Level


We are seeking a skilled and experienced Cybersecurity DFIR Specialist to join our security team. This role is critical in detecting, investigating, and responding to cybersecurity incidents while performing digital forensics to uncover root causes, assess impact, and strengthen defenses. The ideal candidate will have hands-on experience with incident handling, malware analysis, log analysis, and forensic investigations in both on-premises and cloud environments.


Key Responsibilities

Incident Response & Threat Handling

  • Act as the primary responder to security incidents, leading triage, containment, eradication, and recovery efforts.
  • Conduct root cause analysis and produce detailed incident reports, including attack timelines and impact assessments.
  • Collaborate with SOC, IT, and engineering teams to contain threats and restore normal operations quickly.

Digital Forensics

  • Collect, preserve, and analyze digital evidence from compromised systems, endpoints, and networks.
  • Perform forensic investigations using industry-standard tools (EnCase, FTK, Autopsy, etc.).
  • Develop and maintain forensic playbooks and standard operating procedures.

Threat Hunting & Analysis

  • Conduct proactive threat hunting using SIEM data, EDR solutions, and threat intelligence feeds.
  • Perform malware analysis, memory forensics, and network traffic analysis to identify Indicators of Compromise (IOCs).
  • Develop detection rules and signatures to improve future detection and response capabilities.

Collaboration & Reporting

  • Work closely with cross-functional teams (SOC, GRC, engineering, legal, compliance) to ensure coordinated response efforts.
  • Provide actionable recommendations to strengthen security posture and reduce risk exposure.
  • Prepare executive-level and technical reports summarizing investigations, impact, and lessons learned.

Continuous Improvement

  • Stay updated with the latest threat trends, TTPs (Tactics, Techniques, and Procedures), and vulnerabilities.
  • Participate in tabletop exercises, red/blue team drills, and post-incident reviews to improve readiness.
  • Contribute to the development of automation scripts and response tooling to speed up investigations.

Required Qualifications

  • 5+ years of experience in cybersecurity, with at least 3+ years in DFIR or incident response roles.
  • Strong knowledge of Windows, Linux, and macOS internals and forensic artifacts.
  • Proficiency with SIEM, EDR, and forensic tools (Splunk, ELK, Velociraptor, EnCase, FTK, Volatility, etc.).
  • Hands-on experience with malware analysis, reverse engineering, and memory forensics is a plus.
  • Familiarity with the MITRE ATT&CK framework and threat intelligence methodologies.
  • Understanding of cloud environments (AWS, Azure, GCP) and cloud incident response.
  • Excellent problem-solving, analytical, and communication skills.
  • Relevant certifications preferred: GCFA, GCFE, GNFA, GCIH, CHFI, OSDF, CEH, CISSP.

Nice to Have

  • Experience with SOAR platforms and automation scripting (Python, PowerShell).
  • Exposure to red teaming or penetration testing methodologies.
  • Knowledge of regulatory requirements (ISO 27001, SOC 2, GDPR, PDPA).


Job Detail

  • Job Id
    JD1620405
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    SG, Singapore
  • Education
    Not mentioned