SANS ISC: InfoSec Jobs - Vice President, DFIR, Washington, DC

This listing has expired and therefore is not publicly viewable.

Vice President, DFIR
Company: Stroz Friedberg, an Aon company
Location: Washington, DC
Preferred GIAC Certifications: GCFE, GCIH, GNFA, GASF, GCTI, GCFA, GREM
Travel: 30%
Salary: Not provided
Contact Name: Robyn Brooks
Contact Email: rbrooks/at/
Expires: 2018-03-15

Job Description

Position: Vice President, Digital Forensics & Incident Response
Locations: Los Angeles, San Francisco and Washington DC

As a Vice President, you will manage local and regional teams of experts in running high-stakes, high-profile DFIR investigations for our clients. You are expected to have mastery of the fundamentals of running cybersecurity investigations and to apply your deep industry experience and thought leadership in cybersecurity to your casework and client management. You will scope, coordinate, oversee, and perform numerous client cases, publish and speak on relevant topics in our industry, and drive the strategic direction of the firm. The quality of the DFIR unit’s work and its continuing sterling reputation will rest with you.

What you will do…


-Serve as the primary point of contact with the client during an engagement.
-Provide expert testimony in trials, depositions, and other proceedings.
-Supervise local and regional DFIR staff, including coordinating teams of experts, assuring stellar work product, conducting annual performance reviews, and mentoring cybersecurity experts.
-Work independently as technical lead for critical corporate, legal, and government clients on high-profile matters.
-Ensure that client matters are staffed adequately and efficiently and that deadlines are met.
-Articulate expert opinions based on analysis and summarize complex breaches effectively to different constituencies such as legal counsel, executive management and technical staff, in both written and verbal forms.
-Seek opportunities to broaden expertise of the digital forensic examiners and staff through in-house and outside training.
-Ensure the smooth functioning of the DFIR labs under your direct supervision; foster teamwork, information sharing, and inter-office collaboration and consistency.
-Identify emerging cybersecurity opportunities, and develop new strategic expertise and value propositions for the firm.
-Assist in recruiting efforts for the firm by developing interview processes and evaluation criteria for different levels within the DFIR team.
-Create staffing models to ensure efficient utilization and appropriate placement of talent in engagements.
-Assist Engagement Managers and Enterprise Sales Teams with scoping proactive and reactive incident response client opportunities.

Technical Expertise

-Serve as technical lead on large and highly complex DFIR engagements.
-Must be highly technical and hands-on to perform the most complex forensic analyses handled by the firm.
-Investigate network intrusions and other cyber security incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
-Participate in special forensic projects as required, including collection and preservation of electronic evidence.
-Research, develop and recommend hardware and software needed for incident response and help develop and maintain policies and procedures to analyze digital evidence.
-Represent Stroz Friedberg in targeted industry events, seminars and speaking engagements, contributing to substantive article and whitepaper writing as well as enhancing the firm’s market position as a provider of premium services within the incident response space.
-Interest in building intellectual capital for the firm by writing blogs, submitting CFPs and creating internal tools for analysis.
-Participate in technical meetings and working groups to address issues related to cyber security and incident preparedness, with the ability to create targeted remediation plans for clients who have been compromised.

Skills you will need…


-A demonstrated career in providing outstanding client service.
-Clarity in written and oral communication and proven ability to excel and persuade as an expert witness.
-Strong work ethic and motivation with a demonstrated history of ability to lead a team and develop talent. Even stronger analytic, quantitative, and creative problem-solving abilities.
-Confidence, humility, openness, kindness, and a commitment to learning and teaching others.
-Must be able to work collaboratively with other DFIR team members across different physical locations.
-Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness to client matters and needs.

Functional Expertise

-GCFE, GCIH, CCE, EnCE or equivalent digital forensics / incident response certification.
-Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
-Proficiency with industry-standard forensic toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite, and FTK, and experience presenting findings derived from such tools in sworn testimony.
-Proficiency with database querying and analysis.
-Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
-Experience with conducting log analysis of Windows Event Logs, Apache, IIS, and firewall logs.
-Ability to conduct basic malware analysis.
-Experience with command-line tools (grep, sed, awk, PowerShell), Python, and other programming languages.
-Familiarity with computer system hardware and software installation and troubleshooting.

Education Required

Bachelor’s degree required. Approximately 8-10 years or more of sustained excellence in digital forensics, incident response, or applicable technical field.