Senior Security Engineer - Digital Forensics and Incident Response (DFIR)

We are seeking an experienced Senior Security Engineer to join our Digital Forensics and Incident Response (DFIR) team within the broader Security Incident Response Team (SIRT), to help our organization respond to cyber-attacks. The ideal candidate will have a deep understanding of the security incident response and incident management process, attacker kill chains / methodologies, be able to respond quickly to attacks, restore services, and forensically investigate the root cause. As a member of our SIRT, you will closely collaborate with other engineers to design and implement solutions, improve incident response readiness, and provide guidance and training to external teams.

• Oversee and promptly respond to escalated security events or investigations, and activate the Security Incident Response Plan as required.
• Provide on-call support for critical severity issues, manage communications, and report incident status to the appropriate stakeholders.
• Lead forensic analysis and conduct investigations to ascertain the root cause, scope, and impact of security incidents.
• Develop, maintain, and improve incident response plans, procedures, and playbooks to ensure swift action and regulatory compliance.
• Present guidance and training on security best practices and incident response to organizational partners, while ensuring alignment with business objectives and compliance requirements.
• Mentor and train incident responders on incident handling techniques, forensic analysis, and cloud security forensics and best practices.
• Collaborate with Compliance, Legal, and Risk teams to integrate incident response operations with business and regulatory needs.
• Assess vulnerabilities, propose remediation strategies, and keep up-to-date on current and emerging security trends, threats, and countermeasures.

• A Bachelor’s degree or higher in Technology, Computer Science, Cybersecurity, or a related field is preferred.
• Possession of industry-recognized professional level certifications such as AWS Security Specialty, GCIH, GCFA, GFCE, CISSP is advantageous.
• 3-5 years of experience in a dedicated cybersecurity role, with a strong emphasis on digital forensics and incident response.
• 1-3 years experience using scripting languages such as bash, powershell, and python.
• Experience performing analysis and detection engineering using Endpoint Detection and Response or Cloud Security Posture Management tools such as CrowdStrike Falcon, SentinelOne, and Wiz
• Comprehensive understanding of cybersecurity and networking principles, including protocols, ports, and frameworks such as OWASP, MITRE ATT&CK, NIST, and CIS.
• Experience using and defending Public Cloud services such as AWS, Azure, and GCP. (IAM, CI/CD Pipelines, Network Security, DLP)
• Deep understanding of Security Information, and Event Management (SIEM) solutions such as Splunk, LogScale.
• Strong analytical and problem-solving abilities, with a focus on identifying root causes and assessing risk exposure.
• Exceptional communication skills, both verbal and written, capable of explaining technical details to non-technical audiences and fostering strong stakeholder relationships.
• Self-motivated with the ability to work autonomously, managing tasks effectively and seeking assistance when necessary.
• Proficient in working under pressure in a dynamic environment, prioritizing tasks to meet tight deadlines while maintaining procedural discipline.
• Profound knowledge of digital forensics technologies and methodologies, as well as expertise in the Security Incident Response Lifecycle according to frameworks like NIST or SANS.
• Adaptable and proactive attitude, willing to take on various responsibilities and eager to continuously learn and upgrade skills.
• Proficient understanding of AI technologies and their application in enhancing security operations, threat detection, and incident response.

If you have a passion for security and a proven track record in incident response and security operations, we invite you to apply for this role. Join our SIRT and help us protect our organization and our customers from cyber-attacks.