Experience: 5 years
Posted: 7 hours ago
Work mode: On-site
Employment type: Full Time
Job Title: Subject Matter Expert (SME) - Windows Digital Forensics and Incident Response (DFIR)
Location: On-site
Department: Cybersecurity / Incident Response / Digital Forensics
Employment Type: Full-time
Experience Level: Senior (5+ years in DFIR)

Job Summary:
We are seeking a highly skilled Windows Digital Forensics and Incident Response (DFIR) Subject Matter Expert (SME) to lead research and development that enhances our incident response capabilities. The ideal candidate will have deep expertise in Windows internals, malware analysis, memory forensics, and enterprise-scale incident response.

Key Responsibilities:
- Provide Expert Guidance: Offer specialized knowledge and insights to cross-functional teams, including incident response, security, and IT teams, on Windows DFIR-related matters, covering Windows Event Logs (EVTX), the Registry, Prefetch, ShimCache, AmCache, SRUM, and other forensic artifacts.
- Tool Development & Automation: Improve IR playbooks for Windows-centric attacks. Develop memory analysis techniques for modern Windows versions (Windows 10/11) and for Linux.
- Conduct R&D on Forensic Investigations: Perform in-depth analysis of Windows systems, network traffic, and related artifacts to identify and analyse malicious activity, data breaches, and other security incidents.
- Assist in Incident Response: Provide technical expertise and support during incident response activities, including evidence collection, analysis, containment, and remediation.
- Develop and Implement DFIR Procedures: Contribute to the development and implementation of Windows-specific DFIR procedures, guidelines, and tools.
- Stay Updated on DFIR Trends: Keep abreast of the latest advancements in Windows DFIR technologies, methodologies, and threat landscapes.
- Collaborate with Stakeholders: Work effectively with various stakeholders, including internal teams, external consultants, and law enforcement, to ensure successful outcomes.
- Document and Communicate Findings: Clearly and concisely document investigation findings, incident response actions, and technical recommendations.
- Provide Training and Mentorship: Share knowledge and expertise with colleagues through training sessions, mentoring, and knowledge-sharing initiatives.
- Validate and Improve DFIR Capabilities: Continuously evaluate and improve the organization's Windows DFIR capabilities.

Skills and Qualifications:
- Deep Knowledge of Windows: Extensive understanding of Windows operating systems, their architecture, and internal components.
- Expertise in DFIR: Proven experience in digital forensics, incident response, and threat analysis.
- Proficiency in Forensic Tools: Familiarity with a range of digital forensics tools, including but not limited to:
  - Windows-focused forensic suites (e.g., EnCase, FTK).
  - Network forensic tools (e.g., Wireshark).
  - SIEM tools (e.g., LogRhythm, QRadar).
  - Threat intelligence platforms.
- Strong Communication Skills: Ability to communicate technical information effectively to both technical and non-technical audiences.
- Problem-Solving Skills: Capacity to analyze complex security issues and develop effective solutions.
- Analytical Skills: Ability to analyze data, identify patterns, and draw conclusions.
- Collaboration Skills: Ability to work effectively with diverse teams and stakeholders.

Additional Requirements:
- Relevant certifications (e.g., GCFE, CISSP, CEH) are highly desirable.
- Experience with Windows/Linux technologies and related DFIR practices is an advantage.
- Experience with network traffic analysis and incident response methodologies is beneficial.
Company: Innefu Labs
New Delhi, Delhi, India
Salary: Not disclosed