Senior DFIR Manager

Cyber Incident Response Leader

Location: Remote (U.S.)

About the Company

Our client is a rapidly growing cybersecurity consulting and incident response organization that partners with commercial and enterprise clients across a wide range of industries to support cyber investigations, ransomware response, cloud forensics, and enterprise security resilience initiatives.

The organization operates globally with teams across North America, Europe, and Latin America and is continuing to expand its digital forensics and incident response practice.

Position Overview

We are seeking experienced Cyber Incident Response Leaders to oversee complex digital forensics and incident response engagements while leading teams of investigators and analysts in high-pressure, fast-moving environments.

This role will act as both a strategic and operational leader within the organization’s DFIR practice, managing investigations, mentoring response teams, and partnering directly with executive leadership on critical cyber incidents and client engagements.

The ideal candidate combines deep technical DFIR expertise with strong leadership, communication, and consulting experience.

Responsibilities

• Lead complex incident response and digital forensics investigations across enterprise environments
• Oversee and mentor teams of analysts, investigators, and responders
• Act as an escalation point during active cyber incidents and ransomware events
• Coordinate response activities across cloud, endpoint, network, and enterprise infrastructure environments
• Support strategic improvements to incident response operations, methodologies, and service delivery
• Partner with executive leadership on operational planning and practice growth initiatives
• Provide guidance to clients during high-stress and business-critical incidents
• Conduct cloud-focused investigations across AWS, GCP, Azure, Snowflake, and hybrid environments
• Collaborate with internal leadership teams on staffing, operational scaling, and process improvements
• Participate in rotating on-call incident response coverage

Qualifications

• 7+ years of cybersecurity experience with strong DFIR and incident response expertise
• Previous consulting or client-facing cybersecurity experience
• Experience leading teams within incident response, cyber investigations, or security operations environments
• Strong background handling ransomware investigations, enterprise compromises, and forensic analysis
• Experience conducting cloud forensics and investigations within AWS, Azure, GCP, and/or Snowflake environments
• Strong understanding of enterprise security operations, threat actor behavior, and attack methodologies
• Excellent communication, stakeholder management, and crisis leadership skills
• Ability to operate effectively in fast-paced, high-pressure environments

Preferred Qualifications

• Experience leading incident response teams or practice areas
• Prior experience within managed security, consulting, or professional services organizations
• Knowledge of enterprise compliance and security frameworks
• Experience mentoring and developing junior security professionals
• Relevant certifications such as GCFA, GNFA, GCIH, CISSP, GCFE, or similar

Compensation & Benefits

• Competitive base salary (~$200K)
• Performance bonus program
• 401(k) with company match
• Comprehensive healthcare coverage
• Fully remote flexibility
• Opportunity to help shape and grow a rapidly expanding global cybersecurity practice