DFIR Specialist (Lead/Manager)

Location
Singapore
Salary Package
Up to S$120000 per annum
Posted
4th Mar 2025
Consultants
Clarice Tan

DFIR Specialist (Lead/Manager) - Incident Response & Forensics

We are seeking an experienced Digital Forensics and Incident Response (DFIR) Specialist to lead and manage end-to-end incident handling within our cybersecurity operations. This role will be responsible for triaging security events, coordinating response efforts, conducting forensic investigations, and ensuring effective containment, eradication, and recovery from security incidents. The ideal candidate will have a strong background in incident response, digital forensics, threat hunting, malware analysis, and security operations.

This position requires a proactive leader with hands-on technical expertise and the ability to collaborate across teams to enhance the organization's security posture.

Key Responsibilities:

Incident Handling & Response:

  • Lead and manage the full lifecycle of cybersecurity incidents, including triage, containment, eradication, recovery, and post-incident review.
  • Act as the primary point of contact during security incidents, coordinating response efforts across internal and external stakeholders.
  • Develop and execute incident response playbooks to ensure rapid and effective mitigation of security threats.
  • Perform live response and forensic analysis on compromised systems to determine the root cause and attack vectors.
  • Provide expert guidance on containment strategies, recovery efforts, and risk mitigation steps.

Digital Forensics & Threat Analysis:

  • Conduct in-depth forensic investigations on compromised endpoints, networks, and cloud environments.
  • Analyze artifacts, logs, memory dumps, and malware to reconstruct attack timelines and determine the scope of intrusions.
  • Utilize industry-leading forensic tools (e.g., Autopsy, EnCase, FTK, Volatility, X-Ways, Magnet Axiom).
  • Perform malware analysis and reverse engineering to extract IoCs (Indicators of Compromise) and develop detection signatures.
  • Document findings in detailed investigative reports and provide recommendations for security improvements.

Threat Intelligence & Hunting:

  • Collaborate with threat intelligence teams to identify emerging threats, TTPs (Tactics, Techniques, and Procedures), and adversary behaviors.
  • Conduct proactive threat hunting across systems and networks to identify hidden or undetected threats.
  • Develop custom YARA rules, Sigma rules, and SIEM queries for threat detection and response.

Security Operations & Continuous Improvement:

  • Develop and improve incident response plans, runbooks, and standard operating procedures (SOPs).
  • Train and mentor junior analysts and IT staff on best practices in DFIR and cybersecurity defense.
  • Work closely with SOC teams, security engineers, and IT teams to implement security improvements and hardening measures.
  • Participate in red team vs. blue team exercises to test and enhance the organization's detection and response capabilities.
  • Provide leadership in post-incident analysis, lessons learned, and risk mitigation efforts.

Required Skills & Qualifications:

  • 3+ years of experience in Digital Forensics, Incident Response, Cyber Threat Intelligence, or related cybersecurity fields.
  • Strong hands-on experience with forensic analysis, malware analysis, and memory forensics.
  • In-depth knowledge of network security, SIEM platforms, EDR solutions, and log analysis.
  • Proficiency in forensic and incident response tools such as Splunk, CrowdStrike, SentinelOne, Carbon Black, Wireshark, Velociraptor, The Sleuth Kit (TSK), Sysinternals Suite, and OSQuery.
  • Experience with MITRE ATT&CK framework, Cyber Kill Chain, and TTP-based investigations.
  • Strong scripting and automation skills (Python, PowerShell, Bash) for forensic analysis and response automation.
  • Knowledge of cloud security (AWS, Azure, Google Cloud) and experience handling cloud-based security incidents.
  • Excellent communication skills, with the ability to present technical findings to both technical and non-technical audiences.

Interested candidates, please submit a copy of your updated resume to clarice.tan@eamesconsulting.com

We regret to inform you that only shortlisted candidates will be notified. Thank you for your understanding.

R1442954

Clarice Tan

Principal Consultant