Senior DFIR Consultant
Budget: -
HOURLY / PART_TIME
⭐ 0.00 (0)
India
Positka is seeking an experienced Senior DFIR Consultant who can independently lead Incident Response and Digital Forensics engagements from detection through closure. The role requires deep expertise in forensic investigations, root cause analysis, threat hunting, and stakeholder management while supporting enterprise customers across diverse industries.
Positka is committed to investing in best-in-class training and certifications, while offering opportunities to work on cutting-edge initiatives with leading global organizations.
Role Description
The Senior DFIR Consultant is responsible for leading end-to-end Digital Forensics and Incident Response (DFIR) engagements, conducting advanced forensic investigations, managing cybersecurity incidents, and delivering comprehensive Root Cause Analysis (RCA) reports. The role requires strong technical expertise across endpoint, cloud, and network environments and the ability to communicate findings effectively to both technical and executive stakeholders.
Based in Chennai, the role requires collaboration with internal security teams, customers, and leadership teams across geographies.
As a Senior DFIR Consultant, you will be responsible for:
Incident Response
• Lead end-to-end incident response engagements including triage, scoping, containment, eradication, recovery, and post-incident reporting.
• Investigate and identify attack vectors, adversary tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK.
• Manage complex incidents involving identity compromise, cloud attacks, ransomware, phishing, business email compromise (BEC), and advanced persistent threats.
• Coordinate with customer IT, Security Operations, and leadership teams to provide timely updates and remediation guidance.
• Prepare detailed incident reports, attack timelines, impact assessments, and remediation roadmaps.
Digital Forensics
• Conduct host-based and cloud forensic investigations across Windows, Linux, macOS, Microsoft 365, Azure, AWS, and other enterprise environments.
• Acquire, preserve, and analyze digital evidence while maintaining chain-of-custody requirements.
• Perform memory forensics, disk image analysis, log correlation, and artifact examination to reconstruct attacker activity.
• Independently prepare executive-level Root Cause Analysis (RCA) reports suitable for customers, auditors, legal teams, and regulators.
• Support e-discovery, compliance, and litigation-hold requirements when required.
Collaboration & Leadership
• Work closely with Threat Intelligence, SOC, Detection Engineering, and Security Operations teams to enhance investigations.
• Provide mentorship and technical guidance to junior analysts and DFIR team members.
• Contribute to the development and enhancement of incident response playbooks, forensic methodologies, reporting standards, and operational procedures.
• Participate in purple team exercises, tabletop exercises, and post-incident reviews to improve organizational security posture.
• Present investigation findings and incident summaries to senior stakeholders, including executive leadership and customer CXOs.
Analytical/Decision Making Responsibilities:
• Analyze security incidents and forensic evidence to determine root causes, attack paths, and business impact.
• Evaluate and prioritize containment and remediation actions during active incidents.
• Make informed decisions on evidence collection, forensic methodologies, and investigation strategies.
• Identify emerging threats, attack trends, and process improvement opportunities.
• Provide clear recommendations to customers and leadership teams to strengthen security controls and reduce future risk exposure.
• Maintain high standards of accuracy, confidentiality, and professionalism throughout investigations.
Experience, skills, education:
• 7+ years of cybersecurity experience with at least 5 years in hands-on Digital Forensics and Incident Response roles.
• A Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field is preferred, though not mandatory for candidates with strong hands-on experience.
• Experience working within MSSPs, consulting organizations, or enterprise Security Operations environments.
• Proven ability to independently manage and conclude complex forensic investigations and incident response engagements.
• Hands-on experience investigating ransomware, credential theft, AiTM phishing, BEC, supply chain attacks, and advanced cyber threats.
• Experience presenting investigation findings and remediation recommendations to senior stakeholders and executive leadership.
Technical Skills
• Strong expertise in Digital Forensics and Incident Response methodologies.
• Hands-on experience with forensic tools such as Velociraptor, FTK, Autopsy, Volatility, KAPE, and Eric Zimmerman tools.
• Experience with SIEM platforms including Microsoft Sentinel, Splunk, or equivalent technologies.
• Strong knowledge of cloud investigation and monitoring technologies including Azure Monitor, Microsoft 365, AWS CloudTrail, GuardDuty, and GCP Audit Logs.
• Experience with scripting and automation using Python, PowerShell, or Bash.
Open job