Digital Forensics Incident Response (DFIR) Consultant

Phoenix, AZ, United States

Job Description


About Us:

Cypfer is a true first-responder Cybersecurity organization enabling clients to return to business rapidly, the right way, following a cyber-attack. We are a global market leader in ransomware post-breach remediation and cyber-attack first response. We deliver results that far surpass market statistics for cyber-extortion and ransomware events. Our team of cybersecurity professionals works with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.

We have an exciting opening for a Digital Forensics Incident Response (DFIR) Consultant. As a Digital Forensic and Incident Response Consultant you will engage in client-facing incident response projects and offer proactive incident response services. In a collaborative setting with our team and partners, you will assist clients during incidents, enhancing their resilience. Utilizing your technical expertise, you'll analyze intrusions, identify incidents, and guide clients through high-stress responses, ensuring clear communication and providing after-hours support when required.

Ideally, we are looking for candidates located in Phoenix, AZ, Charlotte, NC, and Seattle, WA.

You will assist in the response process, covering detection, containment, forensic investigation, and remediation. Your tasks include performing forensic analysis, implementing incident response procedures, and analyzing malware. Identifying attack vectors, threat tactics, and attacker techniques is a crucial part of your role.

You will deliver verbal and written reports to clients, and actively contribute to process development and documentation.

You will collaborate with other team members and ensure our team’s expertise and attention to quality are second to none.

You will strive to find innovative ways, processes and tools to deliver on objectives faster and at a higher quality while focusing on maximizing revenue generation for the company.

The team you will be a contributing part of will have the primary responsibility for responding to and recovering from security incidents. As a consultant you will have direct hands-on responsibility in leading engagements and acting as a role model to other team members.

You will possess an in-depth understanding of technical infrastructure and recovery techniques and have strong experience working in the field.

You will possess a strong ability to communicate to all levels of stakeholders and provide detailed deliverables which will include reporting and recommendations.

On the technical front, you will possess a strong skill-set in system, application and network technologies, including configuration, installation and optimization.

You will have strong hands-on capabilities with various security tool-sets, including those used to assess, hunt and remediate threats.

Developing strong and rapid working client relationships is a key aspect of the role. Exceptional attention to detail and uncompromising pursuit of quality are the foundation of this role.

The successful candidate will be responsible for the following:

TECHNICAL

Strong experience with Velociraptor, Axiom, X-Ways, FTK, SIFT, Volatility, Splunk, ELK and Timeline analysis.

Strong knowledge of Windows, Active Directory, MS-SQL, Azure, AWS, Linux/Unix and Mac OS/X.

Must understand Networking, Routing, Switching, Firewalls, Packet Captures and Netflow.

A strong background knowledge of penetration testing and threat actor tools and tactics (Cobalt Strike, IP scanners, Nessus, Nexpose, Kali and Metasploit) is highly preferred.

Desirable certifications such as MCFE, EnCE, ACE, GCFA, GCFE and CISSP.

7+ years of senior technical support, system administration or related customer facing role.

Perform cybersecurity incident response and restoration engagements including live response, triage, containment and remediation

System, network, application rebuild and restoration activities

VMWare ESX/HyperV – Knowledge of design, use and troubleshooting.

Knowledgeable in the Windows environment, including Windows Server and Workstation, troubleshooting and diagnosing low-level operating system and network issues.

Confident with a wide range of hardware platforms including NAS, SAN, server and networking devices.

Passion for solving customer issues and advocating for their success, in a fast paced, highly technical environment.

Ability to learn new technologies quickly.

Ability to work independently with little direct supervision and as a part of a team.

Outstanding analytical and organizational abilities.

Strong networking background including some of the following skills:

*Network routing protocols - OSPF, BGP, EIGRP, RIP along with other network protocols DHCP, DNS, VPN, IPV4 and IPV6

*Network switching – Understand L2 and L3 switch design to include VLANS and port security

*Enterprise wireless solutions – Cisco, Aruba, FortiNet

*Firewalls - Cisco ASA, Cisco FTD, CheckPoint, FortiNet, PaloAlto, Cisco Meraki

*Network traffic capture and analysis

LEADERSHIP

Directly contribute to revenue targets in delivering engagements

Responsibility over certain tool selection, evaluation, management and evolution

Collaborate with management and teams to ensure agility and eliminate unnecessary delays

Support new services and offerings to the marketplace

Act as a technical leader and mentor to junior consultants

BUSINESS

Presence at the local office if needed – primarily a remote role, with attendance at client engagements as required

Work Independently, remotely and with minimal supervision while delivering high quality outputs

Display an aptitude and desire for continuous learning at the leading edge of security

Remain current on information security, technical infrastructure and recovery techniques, emerging threat trends, and tools including methodologies to combat the same

A high degree of comfort in customer facing / consulting situations

Travel as needed to customer locations to perform reactive and proactive engagements including frequent travel with little notice. Ability to travel internationally is required, primarily around North America.

Adhere to policies, procedures, and security practices in accordance with assigned customer’s established practices and internal policies

Take meticulous notes and demonstrate strong reporting capabilities with an emphasis on detail

Lead and support client scoping and kick-off calls if required

Ability to remain calm, composed and articulate when dealing with tough customer situations.

Excellent relationship management, customer service and communication skills in a variety of forms (written, live chat, conference calls, in-person).

Preferred Skills:

Proactive

Risk assessment and troubleshooting skills

Deliver table-top engagements

Adequately communicate findings to the clients

Help maintain strong client relationships

Stay up to date by taking company-paid and self-training

Strongly Desired:

Experience supporting hybrid environments

Experience supporting security applications such as AV, VPN, Firewall, proxy.

Linux troubleshooting experience a plus

Experience with troubleshooting Windows and Mac

MCP or higher

Unix/Linux - Have experience designing and implementing different flavors, including troubleshooting

Macintosh – Knowledge of and use of Macintosh/Apple OS X to include troubleshooting

Cypfer is an equal opportunity employer. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know. We celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply.

We thank you for your interest in joining the Cypfer team! While we welcome all applicants, only those who are selected for an interview will be contacted.

remote work
