Senior Digital Forensic Investigator

About eSentire
  

eSentire is on a mission to hunt, investigate and stop cyber threats before they become business disrupting events. We were founded on the premise that if you can’t find a solution, you build it. Entrepreneurship and innovation are in our DNA. Our culture is based on transparency, teamwork, and continuous innovation.

As the authority in Managed Detection and Response, we protect the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats.

 

The Role

The Senior Digital Forensic Investigator serves as a tactical arm of eSentire’s Incident Response team.  Main function of this role is to drive deep expertise and experience in incident response, and digital forensics engagements.  As a top tier operator, the position handles the most volatile and complex casework, while ensuring optimum quality of service and responsiveness.  Casework spans from financially motivated data breaches to state-affiliated espionage and ideology-driven attacks aimed at information gathering, manipulation and disruption. Real domain expertise, mixed with ability to execute, and mastery of relevant technologies must produce investigative conclusions that withstand scrutiny in the court of law.

The position operates in close coordination with eSentire’s SOC and Customer Success Management teams to drive fast mobilization, source identification, containment, and quantification of informational losses in response to cyber attacks in motion.

Make no mistake, Incident Response work is an extremely demanding role. Cyber attacks don’t follow a schedule. Our team must be available when they happen. As a result, our team members are often called upon to work outside regularly scheduled work hours, through weekends and holidays, with little notice. On the flip side, when it’s not busy we do encourage our team members to make the most of that time and catch up on their personal business. Please give this some thought before you apply, this is a demanding and equally rewarding job, but it’s not for everyone.

Responsibilities

• Drive deep domain expertise in cyber incident response, and digital forensics engagements.
• Serve as case lead in the most demanding and volatile cyber investigations.
• Be a tactical force multiplier for all open and active investigations.
• Overlay with Customer Service Management and SOC teams to optimize quality of service.
• Own and manage all aspects of assigned incident response engagements.
• Be responsive to the customer’s voice and feedback.
• Strive for attention to detail and excellence in service delivery.
• Assist in scoping assignment activities as needed.
• Continually research and develop new methods and approaches to improve service delivery.
• Provide support and mentoring to junior level staff.
• Work rotating shifts and be available on an on-call basis as required.
• Be prepared to work, as required, for extended periods outside of regularly scheduled hours, including weekends, and holidays.
• Be prepared to travel for short periods and work onsite at client locations throughout the United States and Canada, as required.

Requirements

The Senior Digital Forensic Investigator position requires a four-year degree in a relevant discipline and eight to ten years of DFIR experience.

Experience acting in an IR consultant capacity, particularly in the investigation and remediation of polymorphic trojans, and modern ransomware variants, conducting cloud-based investigations in AWS, GCP, Azure, and SaaS environments. Mastery of threat hunting using forensics at scale tooling and conducting Web based intrusion investigations Extensive experience in one or more mainstream forensics tools such as EnCase, FTK, Axiom, X-Ways, etc.

In lieu of education requirements, a military or law enforcement background with ten or more years of relevant work experience is acceptable.

• Demonstrable expertise in Digital Forensics Incident Response Investigations
• Strong working knowledge of information security fundamentals
• Working knowledge and hands-on experience with the following cybersecurity tools and technologies:
  • Endpoint Detection and Response (EDR): CrowdStrike, SentinelOne, Microsoft Defender for Endpoint (MDE)
  • Security Information and Event Management (SIEM): Splunk, Sumo Logic, IBM QRadar, Microsoft Sentinel
  • Firewall & VPN Logging Analysis: FortiGate, SonicWall, Meraki, WAF
  • Mass Forensic Triage Tools: Velociraptor, KAPE, Hayabusa
  • Active Directory Analysis Tools
• Security consulting and/or case investigation background preferred
• Excellent written and verbal communication, listening and client management skills
• Ability to articulate complex IT technical information to customers in a non-technical fashion
• Self-motivated, strong analytical skills and detail-oriented
• Demonstrated presentation skills

Please note that this position is subject to the successful completion of a DBS check and reference verification.

Our Culture and Values

We celebrate diversity, operating with mutual respect and consideration, in an environment that fosters inclusivity for all. We believe that a variety of perspectives, backgrounds, and experiences make us stronger – if you’re enthusiastic about this opportunity but don’t meet every qualification, we encourage you to apply anyway. It takes a diverse set of thoughts, cultures, backgrounds, and perspectives to be a true market leader.

 

Total Rewards
We believe in rewarding performance and providing comprehensive benefits tailored to support your well-being. Our package includes comprehensive health benefits, a flexible vacation plan, and participation in our company-wide equity program, allowing you to share in the success and growth of our organization. 

 

Accommodation
If you have any accessibility requirements during the recruitment process, please reach out to our HR team at [email protected] and any accommodation needs will be addressed upon request. Your talents and unique perspectives are valued, and we look forward to the opportunity to work together to build a more inclusive future.

 

It's our mission at eSentire to protect our customers 24/7/365 and we extend this conviction to job seekers. During the application and interview process, eSentire will communicate with you from one of our corporate "@esentire.com" email addresses, never from a public email address. 

 

#LI-SJ1
#LI-Remote