Lead hands-on digital forensics and incident response engagements across endpoint, network, cloud and hybrid environments. Investigate ransomware, intrusions, insider threat and data compromise; collect and analyze disk, memory, logs, and network telemetry; advise clients during active incidents; produce forensic reports and executive briefings; refine DFIR methodologies, tooling, and delivery; mentor junior practitioners and support scoping and delivery of engagements.
About Malleum
Malleum is at the forefront of next-generation cyber defense, partnering with marquee clients across space, aerospace, defense, government, financial services, and critical infrastructure. We're experiencing exceptional growth as demand accelerates for trusted advisors capable of delivering at the intersection of national security, allied intelligence cooperation, and enterprise resilience.
We investigate sophisticated intrusions, contain active threats, and help clients recover from attacks targeting the systems, data, and missions that matter most - from ransomware affecting essential operations to adversary activity in sovereign, regulated, and allied environments. Our work sits at the intersection of deep forensic tradecraft, fast-moving operational decision-making, and the national security realities that shape modern cyber defense.
As we continue to scale, we are building a dedicated DFIR capability. The Senior DFIR Specialist will play a defining part in shaping that practice - establishing how we respond, investigate, and deliver for clients in their most critical moments.
If you take pride in tracing adversary tradecraft, establishing the truth under pressure, and building something that endures, Malleum is where your craft meets purpose.
The Opportunity
Working remotely and at client sites, in this role you'll deliver and lead hands-on digital forensics and incident response engagements for our clients, operating within enterprise and highly regulated environments, investigating active incidents, preserving and analyzing evidence, and supporting clients through containment, eradication, and recovery.
This is a critical hire and a foundational role within our nascent DFIR practice. In addition to leading investigations, you will help define how we execute incident response engagements - shaping methodologies, refining tooling, and establishing the standards that will scale as the practice grows.
This is a hands-on consulting role for a practitioner who combines strong investigative tradecraft with a builder mindset, and who can step in when incidents demand long hours, rapid mobilization, and sustained focus alongside experienced responders.
What You’ll Do
- Lead and deliver digital forensics and incident response engagements across endpoint, network, cloud, and hybrid environments
- Direct complex investigations involving ransomware, intrusion, insider threat, and data compromise, identifying initial access, persistence, lateral movement, and exfiltration
- Collect, preserve, and analyze forensic artifacts including disk, memory, logs, authentication records, and network telemetry across enterprise and cloud environments
- Establish scope, timeline, and impact through structured, defensible investigative methodology, producing clear attack narratives and findings
- Advise clients in real time during active incidents on containment, eradication, recovery, and risk mitigation, supporting decision-making under pressure
- Produce high-quality deliverables including forensic reports, executive summaries, technical findings, and remediation recommendations, and deliver briefings to both technical and executive stakeholders
- Operate effectively within regulated, security-sensitive, and mission-critical environments, including rapid mobilization and sustained engagement during active incidents
- Contribute to the development and refinement of DFIR methodologies, playbooks, tooling, and investigative standards
- Help define and scale Malleum’s DFIR delivery model, establishing repeatable processes and consistent quality across engagements
- Collaborate with adjacent practices across offensive security, infrastructure, and program delivery during complex engagements
- Support scoping, estimation, and statement of work development for DFIR engagements
- Mentor junior practitioners and contribute to the growth of team capability and overall DFIR tradecraft
- 8+ years of experience in digital forensics, incident response, or closely related cybersecurity domains, including experience leading complex and high-impact investigations
- Proven experience operating in client-facing environments, including consulting, advisory, or incident response roles where stakeholder trust and communication are critical
- Strong technical proficiency across endpoint, network, and cloud forensics, with the ability to investigate, reconstruct, and articulate adversary activity
- Deep understanding of attacker tactics, techniques, and procedures, and the ability to map observed activity to meaningful conclusions
- Hands-on experience with enterprise DFIR tooling and methodologies across disk, memory, log, and network analysis
- Experience operating within modern enterprise environments, including Windows, Linux, Active Directory, and cloud platforms such as Microsoft 365 and Azure
- Excellent written communication skills, with the ability to produce clear, structured, and defensible forensic reports suitable for both technical and executive audiences
- Strong verbal communication and briefing skills, including experience presenting findings and recommendations to senior stakeholders
- Ability to translate complex technical findings into clear, actionable guidance during active and post-incident scenarios
- Strong analytical and critical thinking skills, with a disciplined approach to evidence handling, investigative integrity, and defensibility
- High attention to detail, with the ability to maintain accuracy and consistency under pressure and time constraints
- Ability to operate effectively in high-pressure environments, including during active incidents requiring extended hours and rapid decision-making
- Strong consulting mindset, including ownership of client outcomes, adaptability in ambiguous situations, and the ability to balance speed with rigor
- Experience managing multiple engagements or priorities in a consulting or incident response context
- Demonstrated ability to contribute to, mature, or build DFIR service offerings, including methodologies, tooling, and delivery frameworks
- Interest in shaping and scaling a DFIR practice, including defining processes, improving delivery quality, and building internal capability
- Experience mentoring or supporting junior practitioners and contributing to team development
- Professional certifications such as GCFA, GCFE, GCIH, GNFA, CISSP, or similar are considered an asset
- Play a foundational role in building and shaping a high-impact DFIR capability within a growing firm
- Work at the cutting edge of cyber defense on incidents with real operational and national consequence
- Engage directly with sophisticated adversaries and complex investigative challenges
- Join a team of experienced practitioners in a high-trust, high-performance environment
- Competitive compensation aligned to experience and market
Malleum is an equal opportunity employer. We welcome applications from all qualified candidates and are committed to building a team that reflects the communities and missions we serve.
We are committed to providing accommodations for individuals with disabilities throughout the recruitment process. Please let us know if you require accommodation at any stage.
