Role: Senior Cyber Defense & Offensive Security Specialist (Incident Response & Threat)
Role Overview
The Threat Research Advisory team is seeking a highly skilled and versatile cybersecurity professional to lead and execute advanced Digital Forensics & Incident Response (DFIR), Offensive Security Testing, and Cyber Threat Intelligence (CTI) operations. This role requires deep technical expertise, hands-on execution capability, and the ability to operate in high-pressure incident environments while supporting proactive security initiatives. The ideal candidate will bring a blend of forensic investigation, penetration testing, threat intelligence analysis, and automation development, with exposure to legal discovery processes and executive-level cyber risk scenarios.
Key Responsibilities
1. Digital Forensics & Incident Response (DFIR)
- Manage and execute incident response engagements for rapid response retainers, including:
- Unauthorized access incidents
- Malware outbreaks and advanced threats
- Cyber extortion and ransomware attacks
- Perform:
- Digital evidence acquisition and forensic analysis
- Deleted data recovery and memory analysis
- Malware reverse engineering
- Operate under legal frameworks, ensuring alignment with Attorney Work Product and legal privilege requirements
2. Offensive Security & Red Team Operations
- Conduct comprehensive penetration testing and adversary simulations, including:
- Internal and external network testing
- Web, cloud, mobile (iOS), and thick client assessments
- Wireless infrastructure testing
- Execute exploitation techniques such as:
- SQL injection, cross-site scripting (XSS)
- Privilege escalation and credential attacks
- Lead Social Engineering campaigns:
- Phishing, smishing, pretexting
- Perform Physical Security Assessments:
- Facility access testing
- RFID cloning
- USB payload deployment
3. Cyber Threat Intelligence (CTI) & Threat Hunting
- Monitor and analyze intelligence across:
- Surface, deep, and dark web environments
- Identify risks such as:
- Stolen intellectual property
- Brand impersonation and typosquatting
- Credential leaks and compromise indicators
- Develop and operationalize:
- Automation workflows and GenAI-driven threat hunting tools
- IOC enrichment pipelines and intelligence correlation models
4. CSIRT Operations, Labs & E-Discovery
- Support and operate 24/7 CSIRT functions, including:
- Alert triage and incident containment
- Deploy and manage:
- Network Telemetry Analysis (NTA) sensors
- Full packet capture solutions
- Execute E-Discovery and forensic data processing, including:
- Predictive coding models
- Handling and hosting Electronically Stored Information (ESI)
- Using platforms such as Relativity and Nuix
5. Incident Preparedness & Executive Protection
- Develop and maintain:
- Incident Response Plans (IRPs)
- Decision matrices and escalation protocols
- Executive reporting frameworks
- Conduct:
- Ransomware simulations and breach exercises
- Executive tabletop scenarios
- Deliver Executive Identity Protection (EIP) services:
- Removal of sensitive personal data from public sources and data brokers
Required Skills & Experience
Technical Expertise
- Proven experience in:
- Multi-vector penetration testing (Network, Web, Cloud, Mobile, Wireless, Physical)
- DFIR and compromise assessments
- Malware analysis and reverse engineering
- Strong proficiency with tools such as:
- Wireshark, Nmap, Recorded Future (or equivalent CTI platforms)
- Experience in:
- OSINT collection and analysis
- Network telemetry analysis
Automation & Development
- Strong scripting and development skills in:
- Python
- Linux-based environments
- Experience building:
- Security automation tools
- Agentic workflows and bot-driven intelligence pipelines
Forensics & Legal Discovery
- Hands-on experience managing:
- Electronically Stored Information (ESI)
- Legal discovery workflows
- Familiarity with:
- Relativity, Nuix, or similar platforms
Certifications
Preferred certifications include:
- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH)
- GIAC Security Essentials (GSEC)
- Additional DFIR or CTI certifications are a plus
Soft Skills & Attributes
- Ability to operate in high-pressure incident scenarios
- Strong analytical and investigative mindset
- Excellent stakeholder communication, including interaction with legal counsel and executives
- Ability to bridge offensive, defensive, and intelligence domains
- Strong documentation and reporting skills