DFIR Engagement Manager

What are we looking for?

SentinelOne’s DFIR team conducts digital forensics investigations, incident response, and breach readiness engagements for global clients.  Our team provides comprehensive proactive and reactive services, including incident readiness assessments, tabletop exercises, purple-team activities, full-breach investigations, malware analysis, and threat-hunting operations. This role will support the reactive DFIR services, managing the overall success of cyber incident investigations. In this role, you will work with our global team of DFIR analysts and serve as the point of contact with customers throughout the entirety of an investigation. The ideal candidate will be an experienced leader with technical expertise and exceptional client management skills.  

What will you do?

• Lead business development activities including scoping, requirements gathering, and contract development
• Collaborate with account teams and internal and external legal counsel to ensure service agreements and statements of work are in place
• Handle high-stakes client interactions involving legal counsel or executive stakeholders
• Oversee active DFIR investigations, ensuring exceptional quality and timeliness of deliverables
• Establish and maintain clear communication channels with all stakeholders
• Manage DFIR investigation objectives, timelines, resource allocation
• Coordinate cross-functional teams including internal resources and external vendors
• Handle escalations and resolve technical or operational challenges
• Ensure proper evidence handling and documentation throughout investigations
• Maintain oversight of case documentation and artifact archival
• Ensure adherence to standard operating procedures and best practices
• Lead post-engagement reviews and process improvement initiatives
• Conduct technical analysis including endpoint forensics, log analysis, and threat-hunting when required
• Maintain flexibility with schedule and participate in weekend and holiday on-call schedule
• Adopt and follow our core values amongst the team: 
• Trust – We earn our client’s trust via technical expertise and a customer-first mindset.
• Accountability – Every team member contributes to our group success via diligently fulfilling their assigned duties.
• Collaboration—The DFIR team works closely with our threat intelligence, research, MDR, and product teams to ensure the success of every investigation.
• Relentlessness – We will leave no stone unturned to provide outstanding service and fulfill our client's needs.
• Ingenuity – If no tool or process exists to enable our investigations and hunts, then we will create one.  There is always a way to improve existing methodologies.
• Community - The DFIR team supports each other as we grow and improve ourselves and our service.

What skills and knowledge should you bring?

• 5+ years of hands-on consulting experience in digital forensics and incident response
• Proven track record of managing complex incident response engagements
• Expert-level experience with industry-standard forensic tools and methodologies
• Strong understanding of and experience with EDR/XDR platforms and security technologies
• Experience conducting malware analysis and memory forensics preferred
• Demonstrated experience in endpoint-based threat-hunting and compromise assessments
• Experience working with cyber threat intelligence platforms and processes
• Excellence in client communication and relationship management
• Experience working with legal teams and insurance carriers
• Strong project management and team leadership skills
• Industry certifications (GCFE, GCFA, CFCE, EnCE, or similar) preferred
• Active participation in the security community through speaking engagements or publications preferred
• Evident self-starter with intellectual curiosity and the ability to adapt to change