Digital Forensics & Incident Response Manager
Job details
DFIR Manager (Digital Forensic & Incident Response Manager)
Client: Tech Consulting
Role: DFIR Manager
Job Type: Permanent
Location: Remote in Canada/US, 10% Travel

Your New Company
Our client, a very well-known global company, is looking to hire a DFIR Manager for a permanent role.

Your New Role:
• Leading security incidents in a cross-functional and collaborative environment, targeting incident resolution
• Developing IR initiatives that improve our capabilities to respond to and swiftly remediate security events
• Identifying, developing, and articulating the missions of highest importance for your teams
• Reporting on security incident performance and risk indicator metrics
• Identifying and tracking key performance metrics for the team; using those metrics to find new ways to improve sustainability for your team and to improve security incident response and remediation closure rates
• Leading and fostering innovation within the Security Incident Response team, driving key decisions and focusing on client outcomes
• Creating a culture of accountability, quality, agility, and high performance that fosters the attraction, development, and retention of security analysts
• Mentoring and coaching team members to continue to scale in our high-growth environment
• Serving as the focal incident response point for everyone in the organization (Incident Response / Post Breach Remediation / RMS Advisory / MSSP Advisory). This includes providing initial analysis and identification of IOCs, escalation to the appropriate business units, and post-incident activities.
• Oversee Incident Response Plans: Design, implement, and manage the client's incident response policies and procedures to ensure preparedness.
• Coordinate Incident Response Teams: Lead cross-functional teams during security incidents, ensuring an organised and timely response.
• Triage and Prioritise Incidents: Assess incidents for severity and potential impact, assigning appropriate resources and setting response priorities.
• Communication: Serve as technical point of contact during an incident, providing updates to internal and external stakeholders.
• Serve as an incident manager, reporting key findings, barriers, escalations, and concerns to the Head of DFIR, while liaising with Legal, the Director of Sales, and the IRC team
• Support the Global Head of DFIR with project-based work that advances the output and productivity of the department and organization
• Maintain and prepare departmental reports on Key Performance Indicators (KPIs) to be presented to the Global Head of DFIR and EVP Sales & Revenue as needed
• Provide leadership and support to the CERT team, acting as a backup for the Global Head of DFIR during vacations or time off
• Support a wide range of technologies and proficiently perform advanced troubleshooting on the fly (packet captures, debugs, traffic analysis)
• Work on the continued development of DFIR/CERT and machine investigation lifecycles as part of the ongoing process to enhance IR capabilities; also provide significant contributions to the revision of Incident Response and Post Breach Remediation policies, procedures, and processes
• Develop and document Incident Response methods and guidelines for the organization
• Develop a detailed Incident Response runbook of tools, techniques, and forensic methods for personnel to use during investigations
• Support the department's DFIR tooling selection process and any proof-of-concept projects
• Chain of Custody: Ensure that evidence is collected, handled, and preserved in a legally defensible manner, maintaining the chain of custody for potential litigation.
• Perform live-endpoint investigations, including the identification and gathering of key forensic artifacts, offline investigation as needed, and providing remediation actions as needed
• Implement and deploy an Incident Response focused ticketing system to improve incident tracking, remediation, and metrics for incidents worked
• Post-incident Analysis: Conduct root cause analysis after incidents to identify vulnerabilities and develop strategies to prevent recurrence.
• Recovery Support: Work closely with IT and cybersecurity teams to guide recovery efforts, including system restoration and remediation.
• Work with third parties to assist with incident response, business email compromise, security breaches, overall security improvement, investigations, recommendations, and remediation
• Report on security metrics related to the Incident Response team
• Mentor team members on incident response techniques and methodologies
• Assist Sales and the SOC in the successful conversion from incident response, PBR, RMS, and eDiscovery engagements to SOC, including process and procedure build-out
• Develop and provide high-level technical reports in response to clients
• Develop and provide high-level, business-unit-specific KPIs to senior management
• Develop and provide metrics on the department's utilization, engagement timelines, profitability, and billing
• Support Incident Response Coordinator (IRC) workflows
• Incident Response Metrics and Reporting: Track and report key performance indicators (KPIs) and metrics related to incident response and digital forensics to senior leadership.
• Budget and Resource Management: Oversee the allocation of resources, including personnel, tools, and budgets, to effectively manage incident response and forensics operations.
• Understand the process for time tracking and auditing to ensure
• Monitor and manage regional profit & loss metrics and requirements
• Create and maintain an enhanced onboarding program that is concise and repeatable, effectively covering all aspects of the CERT role
• Serve as a member of a 24x7/365 service delivery team that handles incident response, post breach remediation, and escalation; perform complex investigations and/or troubleshooting and drive root cause to resolution
• Incident Response Training: Organize and lead training sessions and simulations (e.g., tabletop exercises) for CERT staff to improve readiness and response capabilities.
• Client Education: Raise awareness across external organizations about digital forensics, incident response protocols, and security best practices.
• All activities and responsibilities support the Global CERT team and are not limited to one region
• Maintain and manage AWS instances to ensure timely deletion and removal of data to minimize company and customer fees/overages

What You’ll Need to Succeed:
• Minimum 3 years of management/leadership experience
• Minimum 3 years of client-facing experience in technical situations
• Minimum 6 years of experience in Incident Response
• Bachelor’s degree or equivalent work experience
• 5 years of information security experience, including leading teams, with a deep passion for cybersecurity and incident response
• Experience in the Cyber Insurance and Legal markets
• Successful track record of helping to implement security initiatives and frameworks in a flexible and innovative manner
• Ability to understand the technical issues teams face day-to-day and act as a player/coach for blocker removal
• A collaborative approach to decision-making and the ability to influence with minimal guidance
• Experience conducting Tabletop Exercises in Incident Response
• Experience in the deployment and management of EDR technology
• Experience with security technologies and the NIST Framework
• Developing, documenting, and implementing incident response methods and processes
• Performing live endpoint investigations
• Experience in forensic investigations, both on-premises and in the cloud
• Experience in mentoring, and in developing and delivering in-house training
• Must be available to provide coverage to meet business requirements in 3 regions
• Strong knowledge of DFIR tools
• Strong knowledge of virtualization technologies, operating systems, firewalls, VPNs, SIEM, enterprise gateway technologies, networking devices, security technologies, etc.

What You’ll Get in Return
The client is offering a permanent opportunity with benefits.

Interested?
If you’re available and interested in this role, please reply to Shivangi.guptahays.com as soon as you can, attaching your updated resume.