Digital Forensics and Incident Response Consultant (DFIR)
WHO YOU ARE
We are seeking a Digital Forensics and Incident Response Consultant to join our growing team at Mirai. As a trusted advisor to our clients, the consultant is responsible for helping clients contain and recover from cyber security incidents. Leveraging your experience in digital forensics and incident response, you will provide clients with actionable guidance during active cyber incidents. The successful candidate will work directly with clients to analyze, contain, and recover from cyber threats and intrusions. With your strong technical and consulting skills, you will also guide clients in moving from reactive response to a proactive cyber security posture, including incident response readiness.
Our clients rely on us to help them build tailored security programs to enable their business. The ideal candidate will be a self-driven, passionate cyber security professional with the right balance of technical know-how and business acumen to proactively engage with Mirai’s clients to understand their requirements and support their business objectives.
Engage with Mirai clients on incident response and forensics consultations
Respond and investigate active cyber incidents and support containment, eradication, and recovery activities
Determine root cause using available digital forensics and live detection data to provide clients with strategic and tactical recommendations to improve overall security posture and readiness
Perform host, network, and memory forensics on both on-prem and cloud environments
Perform analysis of artifacts in support of the investigation, including malware analysis, threat intelligence research, and SIEM analysis.
Develop incident response documentation for clients, such as incident response plans, playbooks, and runbooks
Facilitate incident response tabletop exercises with technical and non-technical teams and stakeholders
Leverage your cyber security expertise to liaise with, coach, and advise business stakeholders and manage client expectations
Prepare and deliver strategic and tactical reports, documentation, presentations, or other solution collateral
Support the SecOps team in other consultation efforts in areas of detection and response as needed
QUALIFICATIONS & REQUIREMENTS
3 to 5 years of hands-on working experience in incident response or security operations with a strong focus on the analysis of cyber threats and intrusions, malware analysis, or digital forensics
Ability to work outside of core working hours on an as-needed basis
Perpetual learner and self-motivator, able to work remotely with minimal supervision and manage a team effectively
Strong verbal and written communication skills to translate technical findings into strategic and tactical recommendations to reduce cyber security risks
Strong and practical understanding of offensive security methodologies
Cloud incident response with AWS, Azure, and/or GCP is an asset
Experienced and comfortable presenting findings and recommendations to non-technical audiences and executives
Certification or hands-on working experience with the CrowdStrike Falcon platform or Microsoft security stack is an asset
Experience with one or more commonly adopted security frameworks or standards such as ISO 27001, NIST CSF, CIS Top 20, PCI-DSS, etc.
Industry certifications in incident handling and forensics are an asset (GIAC, GCFE, GCFA). CrowdStrike certifications such as CCFA, CCFR, and CCFH are considered an asset
Hands-on experience with digital forensics analysis tools for incident response investigations in one or more of the following areas:
- Disk and Memory Forensics in Windows, Linux, and/or Mac environments
- Network traffic analysis
- Malware analysis
- Log analysis
- MS Active Directory and MS Office 365
- Cloud Forensics
- Working experience with threat protection and detection solutions, including SIEM, XDR, EDR, NDR, IDS/IPS, is an asset
GCIH: GIAC Certified Incident Handler
GCFE: GIAC Certified Forensic Examiner
GCFA: GIAC Certified Forensic Analyst
GCFR: GIAC Cloud Forensics Responder
CrowdStrike certs: (nice to haves)
CCFA: CrowdStrike Certified Falcon Administrator
CCFR: CrowdStrike Certified Falcon Responder
CCFH: CrowdStrike Certified Falcon Hunter
OUR VALUES AND VISION
The DNA of Mirai Security was forged out of Vancouver’s cyber security community by members who wanted to do security better. Mirai’s founders realized the potential of their community and resolved to develop a collective with a great culture that would naturally attract like-minded cyber security professionals to work as one. Our culture is defined by our purpose, core values, and people.
We not only seek out employees but people passionate about contributing to our company culture, our growth within the industry, and the greater cyber security community. You will be a great fit for us if you share our core values of Integrity, Care, Diversity, Growth-Mindset, and Innovation. We are looking for like-minded experts to help make our clients secure!
GROW PERSONALLY AND PROFESSIONALLY
We're a remote-first company and are proud to offer competitive salaries, including merit increases as well as performance bonuses. We also offer a comprehensive benefits package (including but not limited to health, dental, and vision), continuous learning opportunities, and community networking.
At Mirai Security, we want you to be confident bringing your whole self to work—we’re proud to be an inclusive company with a diverse team and values grounded in ethics and equality.
While we thank all applicants for their interest, only shortlisted applicants will be contacted.