Digital Forensics and Incident Response (DFIR)

Title & Req ID: Digital Forensics and Incident Response (DFIR)

Duration: 12 months

Location: ew York, NY (4 days onsite required weekly from day one)

Legal Authorization: Government Position -

Job Description:          

This role is suited to a skilled and energetic cybersecurity professional with strong digital forensics and incident response experience, who can support a 24x7 cyber operations environment and contribute to the ongoing enhancement of the firms security posture.

The candidate will bring deep technical expertise, strong analytical capabilities, and the ability to communicate effectively with both technical and non-technical stakeholders. This role will play a key part in investigating cyber incidents, performing forensic analysis, supporting operational readiness, and helping strengthen the firm’s information security infrastructure.

Key Responsibilities

·       Support a 24x7 cyber operations center through cyber incident investigation, triage, and response activities.

·       Use specialized security tools including Splunk, Microsoft Defender, CrowdStrike, and other relevant technologies to support incident analysis and response.

·       Collect, interpret, translate, and communicate technical information from artefacts associated with an investigation & translate to executive leadership.

·       Conduct memory, disk, and image forensics during active investigations and triage efforts.

·       Communicate clearly and confidently with both technical and non-technical audiences during incidents and post-incident activities.

·       Provide senior-level consultation and professional support for major components of the company’s information security infrastructure, including deployment and optimization of forensics and detection tooling such as Axiom Forensics, Splunk, Microsoft Defender, and CrowdStrike.

·       Contribute to the development and implementation of security architecture, standards, procedures, and guidelines across multiple platforms and varied system environments.

·       Partner with business and operational infrastructure teams regarding new and existing technologies, recommending post-incident security improvements and supporting implementation efforts.

·       Review and analyze highly complex security data and information to provide meaningful insights, conclusions, and actionable recommendations.

·       Define, implement, and apply area-wide security and/or continuity of business policies and standards, leveraging strong knowledge of globally recognized information security principles.

·       Address high-risk security concerns and incidents, recommend risk mitigation actions, and support the establishment and publication of appropriate standards.

·       Contribute to the achievement of broader Cybersecurity Platform objectives.

Qualifications

·       Significant experience in digital forensics, incident response, cybersecurity operations, or a related information security function.

·       Experience supporting or operating within a 24x7 cyber operations center environment.

·       Strong hands-on experience with tools such as Splunk, Microsoft Defender, CrowdStrike, and other incident response or threat detection platforms.

·       Experience conducting digital forensic investigations, including memory, disk, and image analysis.

·       Strong ability to collect, interpret, and communicate technical incident information to diverse stakeholder groups.

·       Excellent verbal and written communication skills, with the ability to engage effectively with both technical and non-technical audiences.

·       Demonstrated ability to manage multiple priorities, adapt quickly, and work effectively under pressure.

·       Experience supporting enterprise information security infrastructure and contributing to security tooling optimization.

·       Strong analytical and problem-solving skills, with the ability to assess complex data and produce actionable recommendations.

·       Strong understanding of information security standards, controls, policies, and industry best practices.

·       Experience addressing high-risk security concerns and supporting remediation or mitigation efforts.

Preferred Qualifications

·       Splunk certification or equivalent demonstrated expertise.

·       Experience contributing to security architecture and enterprise security standards in large, complex organizations.

·       Familiarity with continuity of business (COB) principles and related security requirements, NIST, ISO.

·       Previous Enterprise Cyber Incident repose in a large financial institution.