SME Windows Digital Forensics and Incident Response (DFIR)

As a Subject Matter Expert (SME) in Windows Digital Forensics and Incident Response (DFIR), your role will involve leading Research & Development to enhance incident response capabilities. You will provide expert guidance to cross-functional teams on Windows DFIR-related matters and improve IR playbooks for Windows-centric attacks. Your responsibilities will include developing memory analysis techniques, conducting in-depth forensic investigations, and assisting in incident response activities. Additionally, you will contribute to the development and implementation of Windows-specific DFIR procedures, stay updated on DFIR trends, collaborate with stakeholders, document findings, provide training and mentorship, and validate and improve DFIR capabilities. Key Responsibilities: - Offer specialized knowledge and insights on Windows DFIR-related matters to cross-functional teams - Improve IR playbooks for Windows-centric attacks - Develop memory analysis techniques for modern Windows versions - Conduct R&D on forensic investigations of Windows systems and network traffic - Provide technical expertise and support during incident response activities - Contribute to the development and implementation of Windows-specific DFIR procedures - Keep abreast of the latest advancements in Windows DFIR technologies - Work effectively with various stakeholders to ensure successful outcomes - Document investigation findings, incident response actions, and technical recommendations - Share knowledge and expertise through training sessions and mentoring - Continuously evaluate and improve the organization's Windows DFIR capabilities Qualifications Required: - Deep knowledge of Windows operating systems, architecture, and internal components - Proven experience in digital forensics, incident response, and threat analysis - Familiarity with a range of digital forensics tools including EnCase, FTK, Wireshark, LogRhythm, QRadar - Strong communication, problem-solving, analytical, and collaboration skills - Relevant certifications such as GCFE, CISSP, CEH are highly desirable - Experience with Windows/Linux technologies and related DFIR practices is an advantage - Experience with network traffic analysis and incident response methodologies is beneficial Note: No additional details of the company were provided in the job description.,