Principal Consultant - Digital Forensics and Incident Response

Posted 13 Days Ago
Hiring Remotely in USA
Remote
132K-165K Annually
Senior level
Security
The Role
The Principal Consultant will lead Digital Forensics and Incident Response engagements, providing expert analysis during security incidents, mentoring junior analysts, and staying updated on industry best practices and tools.
Summary Generated by Built In

DirectDefense is seeking a Principal Consultant for our Digital Forensics and Incident Response team. In this role, you will serve as a technical forensic and consulting authority representing DirectDefense to clients from various sectors during critical incident responses. With your rich experience and technical expertise, you will be essential in identifying and analyzing intrusions, providing clear direction to clients under pressure, and offering after-hours assistance when needed. We are seeking someone with experience in a client-facing capacity who performs advanced forensic analyses and has a strong history of independently handling investigations of diverse sizes and complexities. As someone dedicated to ongoing learning, you will actively pursue opportunities to broaden your knowledge, enhancing the team's overall expertise. Alongside your technical abilities, you will guide forensic engagements and effectively balance multiple priorities. Your commitment to delivering high-quality results will allow you to mentor peers and adeptly navigate the ever-changing security incident landscape, reflecting a thorough understanding of the advancing threat environment.

Responsibilities:

  • Demonstrate genuine curiosity and a commitment to continuous learning and contribute valuable insights to support the team's knowledge growth.
  • Forensically lead incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery.
  • Conduct advanced forensic analysis to identify the scope and impact of security incidents meticulously and precisely, including malware analysis and reverse engineering when necessary.
  • Independently manage investigations of varying size and complexity, such as Business Email Compromises and Ransomware engagements.
  • Provide career mentorship for aspiring SOC analysts interested in DFIR by investing in their professional development and providing enablement, guidance, and recommendations on training opportunities.
  • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts.
  • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably.
  • Provide comprehensive supporting evidence for written reports detailing incident findings and analysis.
  • Review, provide well-thought-out input, and guide other team members on forensic reports.
  • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices.
  • Spearhead research and development activities to stay updated with the latest forensic tools, techniques, and methodologies.
  • Contribute to the development of internal processes and support broader organizational initiatives.
  • Provide after-hours (on-call/weekend rotational) support to address critical incidents and maintain continuous coverage.

Qualifications:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, related degree, industry certifications, or former professional experience as a Senior or Principal SOC Analyst, Senior or Principal Cybersecurity Consultant, or Senior or Principal Incident Responder.
  • Hold industry certifications or showcase equivalent professional experience as a Senior or Principal Consultant, highlighting a profound mastery of Digital Forensics and Incident Response.
  • Previous experience leading forensic workstreams, and working on teams of 3-4 people, on complex investigations.
  • Demonstrate advanced proficiency in utilizing common digital forensic artifacts and tools such as ELK, Axiom, EnCase, FTK (Forensic Toolkit), open-source, or comparable industry-standard tools.
  • Showcase professional experience in effectively using network analysis and intrusion detection tools, exemplifying a deep understanding of their application in cybersecurity.
  • Possess in-depth knowledge of cybersecurity principles and best practices, underlining a comprehensive understanding of the intricacies of the cybersecurity landscape.
  • Exhibit excellent problem-solving skills and meticulous attention to detail, displaying an ability to navigate complex challenges precisely and thoroughly.
  • Demonstrate the ability to work effectively under pressure, manage multiple competing priorities, and consistently meet tight deadlines, reflecting resilience and efficiency in high-stakes scenarios.
  • Display exceptional communication skills, both written and verbal, ensuring the ability to convey complex technical information clearly and comprehensively.
  • Express eagerness to mentor, share knowledge, and actively contribute to expanding the team's expertise, fostering a collaborative and growth-oriented environment.
  • Exhibit the capability to provide after-hours (on-call/weekend rotational) support as required, demonstrating a commitment to addressing critical incidents promptly and maintaining continuous coverage.

Application Instructions: To apply, please submit your resume and cover letter through our online application portal. Applications will be reviewed on a rolling basis until the position is filled.

Salary range: $132,000 - $165,000 + 10% Annual Bonus

Benefits include:

  • 401(k)
  • AD&D Insurance
  • Dental Insurance
  • Disability insurance
  • Health insurance
  • Life insurance
  • Vision insurance
  • Flex PTO program
  • Paid certification and continuing education

Work schedule: Monday through Friday

Work hours: 40 hours a week

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering Cybersecurity defense strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities continuously through continued education and support.

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to drive change fearlessly – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

As Colorado law requires under the Equal Pay for Equal Work Act, DirectDefense provides a reasonable compensation range for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors, including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $132,000 - $165,000 per year with an annual bonus.


Top Skills

Digital Forensics
Incident Response
The Company
HQ: Englewood, CO
74 Employees
On-site Workplace
Year Founded: 2012

What We Do

Since 2012, DirectDefense has been offering comprehensive computer security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Boasting a group of well-rounded and diverse consultants, DirectDefense has worked with a majority of the Fortune 100 companies, including power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and software development organizations.
