The Senior Threat Detection & Incident Response (DFIR) Engineer is a high-impact technical expert responsible for identifying, investigating, and neutralizing sophisticated cyber threats. This role goes beyond standard monitoring; you will actively hunt for adversaries, develop advanced detection logic, and lead forensic investigations to understand the "how" and "why" behind an intrusion.
You will act as the technical authority during critical security events, ensuring that evidence is preserved, threats are contained, and lessons learned are translated into automated detection playbooks.
What you will do:
Detection Engineering & Threat Hunting
- Lead proactive threat hunting missions across endpoints, networks, and cloud environments using the MITRE ATT&CK framework.
- Develop and optimize SIEM content (Splunk, Sentinel, Chronicle, or QRadar) and Sigma rules to identify emerging adversary TTPs.
- Design and implement custom detection logic to reduce false positives and improve the fidelity of security alerts.
Incident Response & Forensics
- Lead the Incident Response lifecycle for high-severity events: from initial containment and eradication to evidence preservation.
- Perform digital forensics and deep-dive investigations on compromised systems to determine the root cause and scope of breaches.
- Execute malware analysis and reverse engineering to identify capabilities, C2 infrastructure, and indicators of compromise (IoCs).
Threat Intelligence & Automation
- Collect, enrich, and disseminate Threat Intelligence to proactively block emerging threats.
- Design and automate Incident Response playbooks to standardize response actions and reduce MTTR.
- Collaborate with infrastructure and engineering teams to implement defensive hardening based on intelligence findings.
Tools & Technologies:
- SIEM Tools: Advanced proficiency in Splunk (ES), Microsoft Sentinel, QRadar, or Google Chronicle.
- Forensics: Experience with EnCase, FTK, Volatility, or Velociraptor.
- Analysis: Tools like IDA Pro, Ghidra, Wireshark, and Burp Suite.
- Frameworks: Deep mastery of MITRE ATT&CK, Sigma, and YARA rules.
- Languages: Proficiency in Python or PowerShell for forensic automation and data analysis.
What you bring:
- 6–8+ years of experience in SOC Operations, Incident Response, or Threat Intelligence.
- Investigative Mindset: Proven ability to follow complex attack chains and reconstruct security incidents.
- Technical Depth: Hands-on experience with memory forensics, network traffic analysis, and host-based artifacts.
- Automation Drive: A passion for transforming manual investigation steps into automated detection and response flows.
- Certifications: GCIH, GCFA, GREM, or OSCP are highly valued.