Jobs · Consulting

Principal Consultant, DFIR, Reactive Services (Unit 42) - Remote Weekend Shift

Palo Alto Networks · Burbank, CA · 2 wk ago
RemoteRemoteConsulting$151k–$208k/yrFull-time

Job Summary

The Principal Consultant, Reactive Services is a senior individual contributor role within Unit 42 responsible for delivering expert-level incident response and digital forensics services to clients across a wide range of industries and environments. In this role, you will serve as a technical leader on active investigations, partnering with Consulting Directors and engagement teams to respond to complex cybersecurity incidents. You will lead forensic investigations, identify attacker activity, determine scope and impact, and guide clients through containment, remediation, and recovery efforts. This position is ideal for an experienced DFIR practitioner who thrives in fast-paced incident response environments and enjoys solving complex technical challenges during critical security events.

Shift Requirement

This role supports Unit 42's 24x7 incident response operations and requires a dedicated weekend overnight schedule consisting of four 10-hour shifts from Friday through Monday.

Key Responsibilities

  • Lead digital forensics and incident response investigations across enterprise environments.
  • Serve as a technical lead on incident response engagements.
  • Conduct host, network, and cloud investigations to identify root cause, attacker activity, and scope of compromise.
  • Utilize industry-standard DFIR tools and methodologies to support incident containment and recovery.
  • Deliver clear findings and remediation guidance to clients and stakeholders.
  • Support development of DFIR playbooks, tools, and investigative methodologies.
  • Mentor team members and contribute to knowledge sharing across Unit 42.

Qualifications

  • Required:
  • Bachelor's degree or equivalent practical experience.
  • 6–8+ years of experience in DFIR, incident response, security operations, or related cybersecurity disciplines.
  • Experience investigating ransomware, intrusion activity, and other enterprise-scale security incidents.
  • Strong understanding of forensic acquisition, evidence handling, and investigative methodologies.
  • Hands-on experience with DFIR tools such as EnCase, FTK, SleuthKit, Volatility, or equivalent frameworks.
  • Experience investigating Windows, Linux, and macOS environments.
  • Strong analytical, problem-solving, and client-facing communication skills.

Preferred Qualifications

  • Experience responding to large-scale enterprise security incidents.
  • Knowledge of MITRE ATT&CK and modern adversary tradecraft.
  • Experience with malware triage or reverse engineering.
  • Background in consulting, incident response, MDR, SOC, or other 24x7 security operations environments.
  • Certifications such as GCFA, GCFE, GCIH, CISSP, or similar.
  • Ability to work a dedicated weekend overnight schedule consisting of four 10-hour shifts from Friday through Monday.
  • Ability to travel up to 20% as required.

Similar jobs