
Senior Digital Forensic and Incident Response (DFIR) Consultant

Key responsibilities:

As a senior DFIR Consultant, you will be responsible for monitoring indicators and suspicious activity that point to a potential security incident, drawing on intrusion prevention systems, vulnerability scanning tools, and malware forensics. You will be proficient in incident response, with an understanding of real-world APT tools, tactics, and procedures, and able to quickly determine the nature of a threat and deliver the appropriate response. In addition, you will manage and deliver digital forensics projects that support broader investigations.

Skills and experience:

•    A technical career background in cyber of at least five years, with experience in incident response or incident analysis
•    Good awareness of the current threat landscape
•    Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation, with the ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution
•    Experience with network analysis and network intrusion detection
•    Understanding of firewall rules, and of Windows and Linux tools for analysing packet captures, NetFlow, and raw log files such as those generated by firewalls, web servers, and proxies
•    Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC)
•    Good understanding of modern malware – execution methods, persistence, detection, C2 methods, delivery mechanisms (JavaScript, PowerShell, etc.), and entry points (phishing, drive-by, etc.)
•    Knowledge of analysing artefacts to deduce behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities
•    Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs
•    Familiarity with malware dynamic analysis to determine potential malicious intent of samples
•    Some experience with static analysis and reverse-engineering of samples and C2 protocols
•    Ability to innovate malware hunting methods
•    Excellent communication, reporting, and analytical skills
•    Mentoring and teamworking skills, with the ability to mentor as well as to learn from other team members

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and your supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest and Latin America.

All employees must be authorized to work in the United Kingdom. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.