Senior DFIR Specialist

About Us
We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers.
With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely.
We’re a small group that makes a big impact. Our deep technical expertise and our commitment to clients continues to fuel our success, and with success comes growth – we’re currently searching for a Senior DFIR Specialist to strengthen our incident response and threat-hunting capabilities while helping lead and mentor others on our team.
Role Profile
In this role, working remotely, you will lead and execute complex digital forensics and incident response engagements for Malleum clients facing sophisticated threat actors. You will act as both a hands-on practitioner and a technical leader, coordinating investigations, guiding responders, and working closely with Red Team and threat emulation specialists to understand and counter real-world adversaries.
This is an outstanding opportunity to join a fast-growing consultancy in a role that is critical to protecting organizations against advanced, persistent threats.
Key Responsibilities

• Lead and perform end-to-end DFIR investigations, including evidence acquisition, analysis, containment, and remediation.
• Analyze attacker behavior across endpoints, networks, and cloud environments, with a strong focus on adversarial TTPs and attacker tradecraft.
• Apply Red Team and adversary emulation insights to improve detection, response, and containment strategies.
• Serve as a technical lead on incident response engagements, coordinating activities and guiding junior team members.
• Communicate findings clearly to both technical and non-technical stakeholders, including executive-level audiences.
• Contribute to the development of DFIR playbooks, detection logic, and internal methodologies.
• Support threat hunting, post-incident reviews, and proactive security improvement initiatives for clients.

Candidate Profile
As an ideal candidate, you are a deeply technical DFIR professional who thrives in hands-on investigations and is equally comfortable stepping into a leadership role when required. You have a strong understanding of modern adversaries, their tactics, techniques, and procedures, and you enjoy working collaboratively across offensive and defensive security functions.
Key Qualifications

• Extensive experience in digital forensics and incident response across enterprise environments.
• Strong knowledge of adversarial TTPs, attacker tooling, and intrusion lifecycle stages.
• Practical exposure to Red Teaming or adversary emulation concepts, and the ability to translate offensive insights into defensive action.
• Demonstrated ability to lead or mentor team members during high-pressure incident response engagements.
• Experience with endpoint, network, and cloud forensic analysis tools and techniques.
• Excellent written and verbal communication skills, with the ability to produce clear, actionable reports.

We thank all applicants for their interest, but only those selected for an interview will be contacted.
Malleum accommodates individuals with disabilities throughout the recruitment process. Please indicate your need for accommodations in your application.