Senior DFIR Consultant

Posted yesterday

Worldwide

Summary

Positka is seeking an experienced Senior DFIR Consultant who can independently lead Incident Response and Digital Forensics engagements from detection through closure. The role requires deep expertise in forensic investigations, root cause analysis, threat hunting, and stakeholder management while supporting enterprise customers across diverse industries. Positka is committed to investing in best-in-class training and certifications, while offering opportunities to work on cutting-edge initiatives with leading global organizations. Role Description The Senior DFIR Consultant is responsible for leading end-to-end Digital Forensics and Incident Response (DFIR) engagements, conducting advanced forensic investigations, managing cybersecurity incidents, and delivering comprehensive Root Cause Analysis (RCA) reports. The role requires strong technical expertise across endpoint, cloud, and network environments and the ability to communicate findings effectively to both technical and executive stakeholders. Based in Chennai, the role requires collaboration with internal security teams, customers, and leadership teams across geographies. As a Senior DFIR Consultant, you will be responsible for: Incident Response • Lead end-to-end incident response engagements including triage, scoping, containment, eradication, recovery, and post-incident reporting. • Investigate and identify attack vectors, adversary tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK. • Manage complex incidents involving identity compromise, cloud attacks, ransomware, phishing, business email compromise (BEC), and advanced persistent threats. • Coordinate with customer IT, Security Operations, and leadership teams to provide timely updates and remediation guidance. • Prepare detailed incident reports, attack timelines, impact assessments, and remediation roadmaps. Digital Forensics • Conduct host-based and cloud forensic investigations across Windows, Linux, macOS, Microsoft 365, Azure, AWS, and other enterprise environments. • Acquire, preserve, and analyze digital evidence while maintaining chain-of-custody requirements. • Perform memory forensics, disk image analysis, log correlation, and artifact examination to reconstruct attacker activity. • Independently prepare executive-level Root Cause Analysis (RCA) reports suitable for customers, auditors, legal teams, and regulators. • Support e-discovery, compliance, and litigation-hold requirements when required. Collaboration & Leadership • Work closely with Threat Intelligence, SOC, Detection Engineering, and Security Operations teams to enhance investigations. • Provide mentorship and technical guidance to junior analysts and DFIR team members. • Contribute to the development and enhancement of incident response playbooks, forensic methodologies, reporting standards, and operational procedures. • Participate in purple team exercises, tabletop exercises, and post-incident reviews to improve organizational security posture. • Present investigation findings and incident summaries to senior stakeholders, including executive leadership and customer CXOs. Analytical/Decision Making Responsibilities: • Analyze security incidents and forensic evidence to determine root causes, attack paths, and business impact. • Evaluate and prioritize containment and remediation actions during active incidents. • Make informed decisions on evidence collection, forensic methodologies, and investigation strategies. • Identify emerging threats, attack trends, and process improvement opportunities. • Provide clear recommendations to customers and leadership teams to strengthen security controls and reduce future risk exposure. • Maintain high standards of accuracy, confidentiality, and professionalism throughout investigations. Experience, skills, education: • 7+ years of cybersecurity experience with at least 5 years in hands-on Digital Forensics and Incident Response roles. • A Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field is preferred, though not mandatory for candidates with strong hands-on experience. • Experience working within MSSPs, consulting organizations, or enterprise Security Operations environments. • Proven ability to independently manage and conclude complex forensic investigations and incident response engagements. • Hands-on experience investigating ransomware, credential theft, AiTM phishing, BEC, supply chain attacks, and advanced cyber threats. • Experience presenting investigation findings and remediation recommendations to senior stakeholders and executive leadership. Technical Skills • Strong expertise in Digital Forensics and Incident Response methodologies. • Hands-on experience with forensic tools such as Velociraptor, FTK, Autopsy, Volatility, KAPE, and Eric Zimmerman tools. • Experience with SIEM platforms including Microsoft Sentinel, Splunk, or equivalent technologies. • Strong knowledge of cloud investigation and monitoring technologies including Azure Monitor, Microsoft 365, AWS CloudTrail, GuardDuty, and GCP Audit Logs. • Experience with scripting and automation using Python, PowerShell, or Bash.

  • Less than 30 hrs/week
    Hourly
  • 6+ months
    Duration
  • Expert
    Experience Level
  • Remote Job
  • Complex project
    Project Type

Contract-to-hire opportunity

This lets talent know that this job could become full time.
Learn more
Skills and Expertise
Mandatory skills
MITRE ATT&CK
Velociraptor, FTK, Autopsy, Volatility, KAPE, Eric Zimmerman tools
Activity on this job
  • Proposals:Less than 5
  • Last viewed by client:yesterday
  • Interviewing:
    0
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Jul 7, 2026
  • India
    7:22 AM

Explore similar jobs on Upwork

UK Cybersecurity Sales ProfessionalHourly‐ Posted 3 weeks ago
Sales
Phone Communication
Telemarketing
Cold Calling
Help with cyber security photoshopHourly‐ Posted 10 months ago
Penetration Testing
System Security
Cybersecurity Management
Vulnerability Assessment
Security Assessment & Testing
Network Penetration Testing
Testing
Software Testing
Ethical Hacking
Threat Detection

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo