Jobs · Information Technology · Illinois

Digital Forensics & Incident Response (DFIR) Lead

RSM US LLP · Chicago, IL · 2 wk ago
Information Technology$107k–$215k/yrFull-time

Responsibilities

  • Serve as incident commander during high-severity events, particularly ransomware and enterprise-scale breaches.
  • Oversee multiple concurrent engagements, ensuring quality, consistency, and appropriate resource allocation.
  • Define investigative strategy and escalation thresholds for complex incidents.
  • Align technical response with legal, regulatory, insurance, and executive considerations.
  • Review and approve investigative findings, containment validation, and executive reporting.
  • Act as senior advisor to client executives, legal counsel, and cyber insurers.
  • Provide guidance to Supervisors on advanced investigative decisions and complex threat actor scenarios.
  • Maintain executive-level communication cadence during incidents.
  • Support development of standardized methodologies, playbooks, and quality controls across the practice.
  • Mentor Supervisors and Consultants in both technical depth and client leadership.
  • Participate in on-call rotation and provide oversight during critical incidents.

Requirements

  • Expertise in all areas is not required; however, candidates should demonstrate strong foundational knowledge and a willingness to continuously learn and expand their capabilities.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.
  • Proven experience leading enterprise-scale ransomware and breach investigations.
  • Deep understanding of:
    • Threat actor operations and ransomware tradecraft
    • Identity compromise and domain-level persistence
    • Cloud and hybrid environment incident response
    • Data exfiltration risk assessment and reporting
  • Strong hands-on familiarity with EDR platforms, SIEM technologies, and forensic toolsets.
  • Demonstrated ability to manage multiple high-pressure engagements simultaneously.
  • Experience coordinating with legal counsel, cyber insurance carriers, and executive leadership.
  • Strong executive presence and crisis communication ability.
  • Experience mentoring and developing DFIR leaders.
  • Certifications such as GCFA, GCIH, CISSP, OSCP, or equivalent preferred.
  • Willingness to participate in on-call rotation.

Qualifications

  • No specific qualifications mentioned beyond the requirements listed above.

Skills

  • Strong incident command authority.
  • Deep ransomware experience.
  • The ability to guide cross-functional response efforts at the executive level.
  • Technical excellence.
  • Engagement delivery.
  • Stakeholder alignment.
  • Operational leadership during crisis response.

Benefits

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

Pay

Compensation Range: $107,000 - $214,500

Schedule

Not specified

Benefits

Not specified

Similar jobs