DFIR Engagement Manager

Piper companies is seeking an Engagement Lead to run point on Business Email Compromise and Ransomware engagements. The lead will work with both small and large organizations of varying levels of technical maturity, handle client cyber incidents and spearhead communication, scoping, as well as utilizing technical skills to analyze intrusions and detect incidents. You must be capable of working in a high stress IR situation and effectively navigate through the IR lifecycle. You will be responsible for leading the technical analysis of an IR investigation as well as communicating effectively and providing off-hours support as needed. External client facing investigation experience is required to be considered.

Responsibilities:

• Assist with the scoping of new engagements using a whole lifecycle approach, guiding the client from initial discovery through mitigation and remediation
• Conduct forensic host, network, and application technical investigations
• Lead tabletop exercises, incident response training, incident response plan organizational maturity reviews, and leaked data exposure assessments
• Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent and remediate threats
• Develop comprehensive and accurate reports of forensic findings and IR activities for both technical and executive audiences
• Effectively communicate investigative findings and strategy to various client stakeholders
• Provide clients with immediate actionable 0-day cybersecurity advice to stop and mitigate the damage of ongoing attacks

Knowledge and Skills:

• 5 - 10 years of experience, leading business email compromise and ransomware investigations

• Primary Tooling: Binalyze, Microsoft Defender, Microsoft Sentinel

• Log analysis: Log analysis tools such as Elastic, Splunk and query syntax such as KQL and regular expressions (GREP) and analyze various log types such as network, firewalls, windows events, SIEM and VPN

• Forensic analysis: Computer/Digital forensics tools such as X-Ways, AXIOM, Volatility, Velociraptor, Chainsaw, Hayabusa

• Digital Forensic Artifact Analysis: Registry, Browser History, MFT, File/Folder Access, User Account Activity

• Coding: Ability to write scripts and code tools to assist with automation and analysis in Python, PowerShell, SQL, Bash

• Methodology: Sound knowledge of most common tactics and techniques performed by adversaries in order to identify traces of their activity

• EDR Solutions: Defender (Primary), but familiar with other mainstream EDR tools such as Sentinel One, CrowdStrike, Cortex XDR, Sophos, Cylance and Trend Micro, etc

• Experience in conducting or familiar with ransomware negotiations

Comprehensive Benefits:

• Medical, Dental, Vision, 401K, PTO
• $160,000 - $180,000 (12-20% annual bonus)

Keywords: DFIR, IR, Digital forensics, Live box, Deadbox, windows, mac, mobile. incidents, ransomware, malware, network intrusions, ftk, axiom, xwayz, velociraptor, host, network, tabletop, scoping, engagement, threats, edr, endpoint detection