Skip to content

Digital Forensics and Incident Response Consultant (DFIR)



We are seeking a Digital Forensics and Incident Response Consultant to join our growing team at Mirai. As a trusted advisor to our clients, the consultant is responsible for the containment and recovery of cyber security incidents with our clients. Leveraging your experience in digital forensics and incident response, you will provide clients with actionable guidance during active cyber incidents. The successful candidate will work directly with clients to analyze, contain, and recover from cyber threats and intrusions. With your strong technical and consulting skills, you will also guide and transform clients from reactive response to proactive cyber security posture, including incident response readiness.

Our clients rely on us to help them build tailored security programs to enable their business. The ideal candidate will be a self-driven, passionate cyber security professional with the right balance of technical know-how and business acumen to proactively engage with Mirai’s clients to understand their requirements and support their business objectives.


  • Engage with Mirai clients on incident response and forensics consultations

  • Respond and investigate active cyber incidents and support containment, eradication, and recovery activities

  • Determine root cause with available digital forensics and live detection data to provide client strategic and tactical recommendations to improve overall security posture and readiness

  • Perform host, network, and memory forensics on both on-prem and cloud environments

  • Perform analysis of artifacts in support of the investigation, including malware analysis, threat intelligence research, and SIEM analysis.

  • Develop incident response documentation for clients, such as incident response plans, playbooks, and runbooks

  • Facilitate incident response tabletop exercises with technical and non-technical teams and stakeholders

  • Leveraging your cyber security expertise and liaise with, coach, and advise business stakeholders and manage client expectations

  • Prepare and deliver strategic and tactical reports, documentation, presentation, or other solution collateral

  • Support the SecOps team in other consultation efforts in areas of detection and response as needed


  • 3 to 5 years of hands-on working experience in incident response or security operations with a strong focus on the analysis of cyber threats and intrusions, malware analysis, or digital forensics

  • Ability to work outside of core working hours on an as needs basis

  • Perpetual learner and self-motivator, able to work remotely with minimal supervision and manage a team effectively

  • Strong verbal and written communication skills to translate technical findings into strategic and tactical recommendations to reduce cyber security risks

  • Strong and practical understanding of offensive security methodologies

  • Cloud incident response with AWS, Azure, and/or GCP is an asset

  • Experience and comfortable in presenting findings and recommendations to non-technical audiences and executives

  • Certification or hands-on working experience with the Crowdstrike Falcon platform or Microsoft security stack is an asset

  • Experience with one or more commonly adopted security frameworks or standards such as ISO 27001, NIST CSF, CIS Top 20, PCI-DSS, etc.

  • Industry certifications in incident handling and forensics are an asset (GIAC, GCFE, GCFA). Crowdstrike certifications such as CCFA, CCFR, and CCFH are considered an asset

  • Hands-on experience with digital forensics analysis tools for incident response investigations in one or more of the following areas:

    - Disk and Memory Forensics in Windows, Linux, and/or Mac environments

    - Network traffic analysis

    - Malware analysis

    - Log analysis

    - MS Active Directory and MS Office 365

    - Cloud Forensics

    - Working experience with threat protection and detection solutions, including SIEM, XDR, EDR, NDR, IDS/IPS, is an asset

  • Desired Certifications:

    GIAC Certifications:
    GCIH: GIAC Certified Incident Handler
    GCFE: GIAC Certified Forensic Examiner
    GCFA: GIAC Certified Forensic Analyst
    CCFR: GIAC Cloud Forensics Responder

    CrowdStrike certs: (nice to haves)
    CCFA: CrowdStrike Certified Falcon Administrator
    CCFR: CrowdStrike Certified Falcon Responder
    CCFH: CrowdStrike Certified Falcon Hunter



The DNA of Mirai Security was forged out of Vancouver’s cyber security community by members who wanted to do security better. Mirai’s founders realized the potential of their community and resolved to develop a collective with a great culture that would naturally attract like-minded cyber security professionals to work as one. Our culture is defined by our purpose, core values, and people.

We not only seek out employees but people passionate about contributing to our company culture, our growth within the industry, and the greater cyber security community. You will be a great fit for us if you share our core values of Integrity, Care, Diversity, Growth-Mindset, and Innovation. We are looking for like-minded experts to help make our clients secure!


We're a remote-first company and are proud to offer competitive salaries, including merit increases as well as performance bonuses. We also offer a comprehensive benefits package (including but not limited to health, dental, and vision), continuous learning opportunities, and community networking.

At Mirai Security, we want you to be confident bringing your whole self to work—we’re proud to be an inclusive company with a diverse team and values grounded in ethics and equality.

While we thank all applicants for their interest, only shortlisted applicants will be contacted.