Digital Forensics & Incident Response Lead

 Posted 2 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Lead complex forensic investigations and resolve critical security incidents such as data breaches and ransomware attacks. Manage the end-to-end forensic lifecycle from evidence collection to strategic containment and reporting.
Digital Forensics & Incident Response (DFIR) Lead

Engagement Profile: Digital Forensics & Incident Response (DFIR) Lead
Classification: 1099 Independent Contractor
Client Firm: RSI Security (Technical Operations)
Primary Liaison: Sr. Manager of Technical Operations
Compensation Structure: $100/hr

Engagement Summary

RSI Security is engaging an expert Digital Forensics & Incident Response (DFIR) Lead to spearhead complex forensic investigations and resolve critical security incidents. The Consultant will lead high-stakes engagements—including data breaches, ransomware response, and business email compromises—providing comprehensive analysis and actionable remediation strategies. Operating with full autonomy over methodologies, the Consultant is responsible for delivering expert-level forensic reporting and strategic guidance to safeguard client infrastructure.

Scope of Services & Project Deliverables

● Forensic Lifecycle Management: Execute the end-to-end forensic process—collection, examination, analysis, and reporting—ensuring technical rigor and evidentiary integrity.
● Evidence Preservation: Oversee the identification and acquisition of digital evidence from diverse sources while maintaining a strictly documented chain of custody and forensic soundness.
● Adversary Emulation & Mapping: Correlate observed behaviors against the MITRE ATT&CK® framework to pinpoint defensive gaps, validate existing controls, and enhance detection engineering.
● Strategic Containment: Architect containment strategies that balance operational continuity with the need to isolate threats and preserve volatile evidence during active incidents.
● Ad-Hoc Incident Consulting: Provide advanced analytical response and advisory services during high-severity security events, subject to the Consultant's availability and a mutually agreed-upon task order.

Service Level Agreement (SLAs) & Acceptance Criteria 

The Consultant’s services will be evaluated against the following deliverable standards: ≥
● Deliverable Deadlines: Ensure 90% of scheduled assessment reports and project deliverables are submitted to the Primary Liaison by the agreed-upon SOW deadline.
● Critical Finding Latency: Communicate 100% of Critical/High vulnerabilities to RSI Security leadership within 1 business day of discovery to ensure immediate client protection.
● Advanced Incident SLAs: Maintain 95% compliance with response and ≥ resolution SLAs on any specialized security escalations accepted by the Consultant.

Vendor Qualifications & Clearances

● Professional Experience: Minimum of 7–10 years of demonstrable experience in digital forensics, incident response, network traffic analysis, and malware triage as an independent consultant or agency.
● Industry Certifications: Must hold active, advanced security and forensic certifications (e.g., GCFA, GCIH, GNFA, CISSP, or equivalent).
● Clearance Requirement: Public Trust eligibility is required; Active Secret clearance is highly preferred, with the ability to obtain a Top Secret (TS/SCI) clearance if dictated by specific engagement task orders.
● Background Verification: The Consultant (and any personnel deployed by the Consultant) must successfully pass a comprehensive multi-jurisdictional background check prior to accessing sensitive RSI Security or client infrastructure.
● Technical & Compliance Proficiencies: Mastery of NIST SP 800-86 guidelines, enterprise network architecture, memory forensics, and advanced automation (Python, PowerShell, Bash). The Consultant must demonstrate proficiency in static and dynamic analysis—utilizing sandbox environments and reverse engineering platforms like Ghidra or IDA Pro—alongside deep experience in EDR/XDR ecosystems (CrowdStrike, SentinelOne, Defender). Expertise is required in cloud forensics (AWS, Azure, GCP), container security (Kubernetes), and alignment with the following compliance frameworks:
● ISO 42001
● NIST 800-171 & NIST AI RMF
● PCI DSS, PCI SSF, & PCI ASV
● CMMC Advisory & Assessment (C3PAO)
● HITRUST & HIPAA
● CIS & SOC2
● GDPR & CCPA

Vendor Expectations & Security Standards
● Forensic & Ethical Standards: Uphold strict responsible-disclosure practices and safeguard sensitive data at all times. Ensure tools are used reasonably and appropriately, safeguarding sensitive information recorded during forensic collections.
● Proactive Communication: Translate complex attack narratives into clear, actionable reporting for both technical and non-technical audiences.
● Data Security & Privacy: Maintain rigorous operational security (OPSEC) over all client data, utilizing encrypted channels and immediately relinquishing access and data upon project completion

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified