Senior Engineer, Cybersecurity DFIR - #1107617

Job Purpose

ICE is seeking an experienced Senior DFIR (Digital Forensics and Incident Response) Engineer to join our cybersecurity team. As a Senior Engineer, you will play a critical role in detecting, investigating, and responding to security incidents, while proactively hunting for threats and implementing countermeasures. This position demands technical expertise, analytical thinking, and strong communication skills in a fast-paced, high-stakes environment.

Responsibilities

• Incident Management & Response: Lead the detection, investigation, containment, and remediation of security incidents.

• Digital Forensics: Conduct in-depth forensic analysis of memory, disk, endpoint and network artifacts to reconstruct incident timelines and identify root causes.

• Cloud & Hybrid Forensics: Investigate incidents in cloud-native and hybrid environments (e.g., AWS, Azure, containers), ensuring proper evidence handling and response.

• Security Analytics & Threat Hunting: Analyze large datasets to detect anomalies, uncover hidden threats, and proactively hunt for indicators of compromise (IOCs).

• Malware Analysis & Reverse Engineering: Perform static and dynamic analysis of malware to understand behavior, impact, and attribution.

• Threat Mitigation: Design and implement preventative and corrective security controls to address emerging threats and reduce risk exposure.

• Behavioral Analysis: Develop detection criteria and analytics to identify suspicious user behavior and potential insider threats.

• Reporting & Communication: Produce detailed technical reports and executive summaries to communicate findings, impact, and recommendations to stakeholders.

Knowledge and Experience

• 3+ years of experience in Digital Forensics and Incident Response (DFIR), cybersecurity operations or threat detection and hunting.

• Technical expertise in cybersecurity in two of the following areas: network security, web application assessments, scripting, cloud security, malware analysis, reverse engineering, network or endpoint forensics.

• Hands-on experience with enterprise security tools including SIEM (e.g., Splunk, QRadar), IDS/IPS, forensic suites (e.g. EnCase, Volatility, Autopsy, X-Ways, Magnet Axiom), and malware analysis platforms.

• Experience in cloud and container security, including incident response in AWS, Azure, and hybrid environments.

• Proficient in at least one scripting language (e.g. Python, Bash, PowerShell, JavaScript, etc.)

• Familiarity with MITRE ATT&CK framework and threat intelligence platforms.

• Demonstrated ability to communicate complex technical findings to both technical and non-technical audiences.

• Relevant certifications such as GIAC GCFA, GCIA, GCIH, CISSP, or OSCP.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, related technical field, or equivalent practical experience.