We investigate sophisticated intrusions, contain active threats, and help clients recover from attacks targeting the systems, data, and missions that matter most - from ransomware affecting essential operations to adversary activity in sovereign, regulated, and allied environments. Our work sits at the intersection of deep forensic tradecraft, fast-moving operational decision-making, and the national security realities that shape modern cyber defense.
As we continue to scale, we are building a dedicated DFIR capability. Working remotely, as our founding Senior DFIR Specialist you will play a defining part in shaping that practice - establishing how we respond, investigate, and deliver for clients in their most critical moments.
If you take pride in tracing adversary tradecraft, establishing the truth under pressure, and building something that endures, Malleum is where your craft meets purpose.The OpportunityWorking remotely and at client sites, in this role you'll deliver and lead hands-on digital forensics and incident response engagements for our clients, operating within enterprise and highly regulated environments, investigating active incidents, preserving and analyzing evidence, and supporting clients through containment, eradication, and recovery.
This is a critical hire and a foundational role within our nascent DFIR practice. In addition to leading investigations, you will help define how we execute incident response engagements - shaping methodologies, refining tooling, and establishing the standards that will scale as the practice grows.
This is a hands-on consulting role for a practitioner who combines strong investigative tradecraft with a builder mindset, and who can step in when incidents demand long hours, rapid mobilization, and sustained focus alongside experienced responders.What You’ll Do
- Lead and deliver digital forensics and incident response engagements across endpoint, network, cloud, and hybrid environments
- Direct complex investigations involving ransomware, intrusion, insider threat, and data compromise, identifying initial access, persistence, lateral movement, and exfiltration
- Collect, preserve, and analyze forensic artifacts including disk, memory, logs, authentication records, and network telemetry across enterprise and cloud environments
- Establish scope, timeline, and impact through structured, defensible investigative methodology, producing clear attack narratives and findings
- Advise clients in real time during active incidents on containment, eradication, recovery, and risk mitigation, supporting decision-making under pressure
- Produce high-quality deliverables including forensic reports, executive summaries, technical findings, and remediation recommendations, and deliver briefings to both technical and executive stakeholders
- Operate effectively within regulated, security-sensitive, and mission-critical environments, including rapid mobilization and sustained engagement during active incidents Contribute to the development and refinement of DFIR methodologies, playbooks, tooling, and investigative standards
- Help define and scale Malleum’s DFIR delivery model, establishing repeatable processes and consistent quality across engagements
- Collaborate with adjacent practices across offensive security, infrastructure, and program delivery during complex engagements
- Support scoping, estimation, and statement of work development for DFIR engagements Mentor junior practitioners and contribute to the growth of team capability and overall DFIR tradecraft
- 8+ years of experience in digital forensics, incident response, or closely related cybersecurity domains, including experience leading complex and high-impact investigations
- Proven experience operating in client-facing environments, including consulting, advisory, or incident response roles where stakeholder trust and communication are critical
- Strong technical proficiency across endpoint, network, and cloud forensics, with the ability to investigate, reconstruct, and articulate adversary activity
- Deep understanding of attacker tactics, techniques, and procedures, and the ability to map observed activity to meaningful conclusions
- Hands-on experience with enterprise DFIR tooling and methodologies across disk, memory, log, and network analysis
- Experience operating within modern enterprise environments, including Windows, Linux, Active Directory, and cloud platforms such as Microsoft 365 and Azure
- Excellent written communication skills, with the ability to produce clear, structured, and defensible forensic reports suitable for both technical and executive audiences
- Strong verbal communication and briefing skills, including experience presenting findings and recommendations to senior stakeholders
- Ability to translate complex technical findings into clear, actionable guidance during active and post-incident scenarios
- Strong analytical and critical thinking skills, with a disciplined approach to evidence handling, investigative integrity, and defensibility
- High attention to detail, with the ability to maintain accuracy and consistency under pressure and time constraints
- Ability to operate effectively in high-pressure environments, including during active incidents requiring extended hours and rapid decision-making
- Strong consulting mindset, including ownership of client outcomes, adaptability in ambiguous situations, and the ability to balance speed with rigor
- Experience managing multiple engagements or priorities in a consulting or incident response context
- Demonstrated ability to contribute to, mature, or build DFIR service offerings, including methodologies, tooling, and delivery frameworks
- Interest in shaping and scaling a DFIR practice, including defining processes, improving delivery quality, and building internal capability
- Experience mentoring or supporting junior practitioners and contributing to team development
- Professional certifications such as GCFA, GCFE, GCIH, GNFA, CISSP, or similar are considered an asset
- Play a foundational role in building and shaping a high-impact DFIR capability within a growing firm
- Work at the cutting edge of cyber defense on incidents with real operational and national consequence
- Engage directly with sophisticated adversaries and complex investigative challenges Join a team of experienced practitioners in a high-trust, high-performance environment
- Competitive compensation aligned to experience and market
Malleum is an equal opportunity employer. We welcome applications from all qualified candidates and are committed to building a team that reflects the communities and missions we serve.
We are committed to providing accommodations for individuals with disabilities throughout the recruitment process. Please let us know if you require accommodation at any stage.
Skills Required
- 8+ years of experience in digital forensics, incident response, or closely related cybersecurity domains, including leading complex investigations.
- Proven experience operating in client-facing environments (consulting, advisory, or incident response roles).
- Strong technical proficiency across endpoint, network, and cloud forensics with ability to investigate and reconstruct adversary activity.
- Deep understanding of attacker tactics, techniques, and procedures (TTPs) and ability to map activity to conclusions.
- Hands-on experience with enterprise DFIR tooling and methodologies across disk, memory, log, and network analysis.
- Experience with modern enterprise environments: Windows, Linux, Active Directory, Microsoft 365, and Azure.
- Excellent written communication skills for producing clear, structured, defensible forensic reports for technical and executive audiences.
- Strong verbal communication and briefing skills, including presenting findings to senior stakeholders.
- Ability to translate complex technical findings into clear, actionable guidance during active and post-incident scenarios.
- Strong analytical and critical thinking skills, disciplined evidence handling, investigative integrity, and attention to detail under pressure.
- Ability to operate effectively in high-pressure environments requiring extended hours, rapid mobilization, and sustained focus.
- Consulting mindset: ownership of client outcomes, adaptability in ambiguity, and experience managing multiple engagements/priorities.
- Demonstrated ability to contribute to, mature, or build DFIR service offerings, including methodologies, tooling, and delivery frameworks.
- Experience mentoring or supporting junior practitioners and contributing to team development.
- Professional certifications such as GCFA, GCFE, GCIH, GNFA, CISSP (considered an asset).
What We Do
Malleum isn’t your everyday, run-of-the-mill security firm. We’ve been successfully doing penetration tests and application assessments for over 15 years, with a focus on delivering high quality results to our clients. Our security assessments are more than just plugging in a scanner, running the latest tools, or checking a green box. Our research-driven team of highly hands-on information security specialists are capable of identifying some of the most sophisticated, hard-to-find vulnerabilities. Malleum’s team is made up of seasoned security professionals with experience assessing a wide range of organizations and applications. From Fortune 100s to public sector clients, online banking to critical infrastructure applications – we’ve done it all and we’re certain we can help your organization raise its security bar! Is your company ready to take our test?

.png)
.png)
.jpg)



