Senior Director, Digital Forensics and Incident Response
BlueVoyant · United States · 2 wk ago
RemoteRemoteEducationFull-time
About the role
This is a client-facing leadership role responsible for guiding organizations through critical moments—from initial response through investigation, containment, and recovery—while advising executives, legal counsel, and technical teams.
Responsibilities
- Act as incident commander for complex DFIR engagements end-to-end
- Serve as the primary client lead, advising executives, legal counsel, insurers, and stakeholders
- Lead investigations across ransomware, BEC, cloud/identity compromise, insider threat, and advanced attacks
- Direct forensic analysis across endpoints, cloud, identity, SaaS, email, and network environments
- Translate technical findings into clear business risk and remediation guidance
- Lead executive briefings, client updates, and post-incident reviews
- Manage multiple concurrent incidents in fast-paced, high-pressure environments
- Mentor and develop DFIR consultants and technical teams
- Support incident readiness, tabletop exercises, and client growth initiative
Requirements
- 3–5 years of hands-on DFIR experience in real-world incidents
- 6–10 years in client-facing consulting, incident response, or cyber advisory roles
- Proven experience as an incident commander or senior DFIR lead
- Strong background in ransomware, cloud/identity compromise, and complex attack investigations
- Experience working directly with executives, legal counsel, insurers, and technical teams
- Able to manage multiple stakeholders, workstreams, and timelines under pressure
- Leadership experience mentoring or managing technical teams
- Strong knowledge across endpoint, cloud, identity, SaaS, and network forensics
- Experience with tools such as EnCase, FTK, Magnet AXIOM, Velociraptor, Splunk, Sentinel, CrowdStrike (or similar)
- Familiarity with Microsoft 365, Entra ID, Azure, AWS, Okta, Google Workspace
- Understanding of attacker tradecraft, including persistence, lateral movement, and data exfiltration
- Working knowledge of KQL, SPL, SQL, PowerShell, Python, or Bash
- Exceptional communication skills—able to translate technical issues into business impact
- Strong judgment in high-stress, ambiguous environments
- Composed, credible, and client-focused under pressure
Qualifications
- Leadership experience mentoring or managing technical teams
- Strong knowledge across endpoint, cloud, identity, SaaS, and network forensics
- Experience with tools such as EnCase, FTK, Magnet AXIOM, Velociraptor, Splunk, Sentinel, CrowdStrike (or similar)
- Familiarity with Microsoft 365, Entra ID, Azure, AWS, Okta, Google Workspace
- Understanding of attacker tradecraft, including persistence, lateral movement, and data exfiltration
- Working knowledge of KQL, SPL, SQL, PowerShell, Python, or Bash
- Exceptional communication skills—able to translate technical issues into business impact
- Strong judgment in high-stress, ambiguous environments
- Composed, credible, and client-focused under pressure
Skills
- Strong background in ransomware, cloud/identity compromise, and complex attack investigations
- Experience working directly with executives, legal counsel, insurers, and technical teams
- Ability to manage multiple stakeholders, workstreams, and timelines under pressure
- Leadership experience mentoring or managing technical teams
- Strong knowledge across endpoint, cloud, identity, SaaS, and network forensics
- Experience with tools such as EnCase, FTK, Magnet AXIOM, Velociraptor, Splunk, Sentinel, CrowdStrike (or similar)
- Familiarity with Microsoft 365, Entra ID, Azure, AWS, Okta, Google Workspace
- Understanding of attacker tradecraft, including persistence, lateral movement, and data exfiltration
- Working knowledge of KQL, SPL, SQL, PowerShell, Python, or Bash
- Exceptional communication skills—able to translate technical issues into business impact
- Strong judgment in high-stress, ambiguous environments
- Composed, credible, and client-focused under pressure
Benefits
- Work alongside experienced DFIR leaders and experts, including former government cyber professionals and industry veterans.
- Lead high-impact, global cyber investigations, supporting clients through critical, business-defining incidents
- Gain exposure to complex environments, executive stakeholders, and advanced threat scenarios across industries
- Join a global, mission-driven cybersecurity company defending organizations worldwide with cutting-edge data, technology, and expertise
- Competitive compensation and comprehensive benefits package, with support for wellbeing, development, and career growth
Pay
Competitive compensation and comprehensive benefits package, with support for wellbeing, development, and career growth.
Schedule
Remote, US