Lead complex DFIR investigations end-to-end: scope, evidence strategy, analysis, and findings validation across endpoint, identity, cloud, and network telemetry.
Perform advanced forensic analysis (disk, memory, cloud artifacts) including timeline construction, persistence discovery, credential access signals, and data access/exfiltration assessment.
Conduct root cause analysis to determine the TTPs (Tactics, Techniques, and Procedures) used by threat actors and propose measures to prevent similar incidents in the future.

Required Qualifications:

4–7+ years of experience in DFIR, incident response, threat detection, or digital forensics roles.
Demonstrated experience leading complex investigations and coordinating response actions with technical and business stakeholders.
Strong proficiency with SIEM/EDR platforms and forensic tooling; ability to acquire, analyze, and interpret evidence across systems.

Preferred Qualifications:

Cloud DFIR experience (Microsoft 365/Azure, AWS): audit logs, identity investigations, mailbox and file activity analysis.
Network forensics experience (pcap analysis, proxy/firewall logs) and/or malware triage experience.
Experience improving detection content and automation based on DFIR learnings.

Cyber Advisors

Cyber Advisors (CA) is a Cybersecurity and IT managed services provider (MSP) business with a customer-focused approach to designing, managing, and maintaining our customer's IT environment. They have invested a tremendous amount of time to develop their technology, processes, and support platform and are steadily growing.

Apply for This Position