Senior IR / DFIR / Forensics Expert (980981)

Job Description

A leading Cyber Security company is looking for a Senior Incident Response (IR) / Digital Forensics (DFIR) Expert to lead critical cyber investigations, uncover complex attack patterns, and guide organizations through the recovery process. You will work at the forefront of cyber defense, using your investigative skills to help clients contain breaches, rebuild trust, and strengthen their security posture.
In addition, you will contribute to the development of realistic training modules, ensuring that our scenarios reflect the most current challenges and threats in today’s cyber landscape.

What You’ll Do:
• Take ownership of end-to-end Incident Response engagements, from detection, containment, and analysis through eradication and recovery.
• Perform deep digital forensics investigations to identify attacker techniques, tools, and timelines.
• Analyze endpoints, servers, and cloud environments to understand the scope and impact of breaches.
• Leverage forensic tools such as EnCase, FTK, Volatility, and custom scripts to collect and analyze data.
• Provide clients with detailed reports and actionable recommendations to prevent future incidents.
• Collaborate with internal teams (Red Team, Threat Intelligence, and GRC) to continuously enhance detection and response capabilities.
• Contribute insights and lessons learned to training environments, creating realistic and up-to-date incident scenarios.

This is a full-time, remote position: working from home, plus traveling to clients' offices when needed.

Relevant only to candidates from Israel.

What We’re Looking for:
• 5+ years of experience in Incident Response, Digital Forensics, or related roles.
• Proficiency with industry-standard forensic tools (EnCase, FTK, Volatility) and data acquisition techniques.
• Strong knowledge of Windows, Linux, and cloud environments (AWS, Azure, GCP).
• Experience with SIEM platforms, threat hunting methodologies, and EDR solutions.
• Familiarity with attack frameworks like MITRE ATT&CK and common threat actor TTPs.
• Advantageous: certifications such as GCFA, GCIH, CCFP, or similar.
• A proactive, analytical mindset with the ability to work independently and under pressure.

Why should you apply?

• Play a critical role in defending organizations from real-world threats and attacks.
• Be part of an innovative and collaborative team at the cutting edge of cybersecurity.
• Contribute to realistic, scenario-driven training environments used by leading organizations.
• Competitive compensation, professional development, and opportunities for career growth.
