Ahmedabad, Gujarat, India
16 days ago
General Manager, DFIR

Key Responsibilities: 

- Lead forensic investigation and root cause analysis of cyber incidents across OT/ICS and IT environments
- Coordinate incident response activities, manage breach containment, and ensure recovery compliance
- Develop and maintain playbooks, SOPs, and readiness frameworks for both proactive and reactive DFIR measures
- Build and manage forensic labs and tooling infrastructure for memory, disk, network, and cloud forensics
- Interface with client CISO teams and legal/compliance teams during forensic escalations
- Mentor and lead junior investigators and ensure skill development through hands-on training
- Drive continuous improvement initiatives in forensic collection, chain of custody, and evidence handling procedures
- Support expert testimony, litigation response, and legal documentation when required
- Collaborate with red, blue, and purple teams for integrated threat mitigation strategy
- Conduct forensic workshops, table-top exercises, and readiness assessments for clients
- Liaise with global OEMs and DFIR product partners for capability enhancement

Required Skills and Tools: 

- Proficient in: EnCase, FTK, Magnet AXIOM, Autopsy, Volatility, Wireshark
- Experience with EDR/XDR platforms (e.g., CrowdStrike, SentinelOne, Carbon Black)
- Familiarity with OT forensic challenges, including air-gapped ICS/SCADA systems
- Understanding of MITRE ATT&CK, cyber kill chain, and attacker TTPs
- Hands-on with cloud forensics (AWS, Azure, GCP)
- Deep knowledge of ICS protocols like Modbus, DNP3, OPC-UA, etc.

Personality Traits & Leadership: 

- Strong analytical and detail-oriented mindset
- Strategic thinking with calmness under pressure
- Proven leadership in crisis situations and stakeholder communication
- Strong team management and mentorship capability
- Collaborative and cross-functional coordination with SOC, engineering, legal, and client teams

- Bachelor’s or Master’s in Cybersecurity, Computer Science, or related fields
- Preferred certifications: GCFA, GCFE, CHFI, CISSP, or equivalent
- 14+ years of cybersecurity experience with minimum 5 years in DFIR leadership roles
- Experience managing DFIR services for critical infrastructure or consulting environments