Senior DFIR Specialist

Reposted 3 Days Ago
Be an Early Applicant
Ottawa, ON, CAN
In-Office
Senior level
Cloud • Cybersecurity
The Power to Know Ahead
The Role
Lead hands-on digital forensics and incident response engagements across endpoint, network, cloud and hybrid environments. Investigate ransomware, intrusions, insider threat and data compromise; collect and analyze disk, memory, logs, and network telemetry; advise clients during active incidents; produce forensic reports and executive briefings; refine DFIR methodologies, tooling, and delivery; mentor junior practitioners and support scoping and delivery of engagements.
Summary Generated by Built In
About MalleumMalleum is at the forefront of next-generation cyber defense, partnering with marquee clients across space, aerospace, defense, government, financial services, and critical infrastructure. We're experiencing exceptional growth as demand accelerates for trusted advisors capable of delivering at the intersection of national security, allied intelligence cooperation, and enterprise resilience.
We investigate sophisticated intrusions, contain active threats, and help clients recover from attacks targeting the systems, data, and missions that matter most - from ransomware affecting essential operations to adversary activity in sovereign, regulated, and allied environments. Our work sits at the intersection of deep forensic tradecraft, fast-moving operational decision-making, and the national security realities that shape modern cyber defense.
As we continue to scale, we are building a dedicated DFIR capability. Working remotely, as our founding Senior DFIR Specialist you will play a defining part in shaping that practice - establishing how we respond, investigate, and deliver for clients in their most critical moments.
If you take pride in tracing adversary tradecraft, establishing the truth under pressure, and building something that endures, Malleum is where your craft meets purpose.The OpportunityWorking remotely and at client sites, in this role you'll deliver and lead hands-on digital forensics and incident response engagements for our clients, operating within enterprise and highly regulated environments, investigating active incidents, preserving and analyzing evidence, and supporting clients through containment, eradication, and recovery.
This is a critical hire and a foundational role within our nascent DFIR practice. In addition to leading investigations, you will help define how we execute incident response engagements - shaping methodologies, refining tooling, and establishing the standards that will scale as the practice grows.
This is a hands-on consulting role for a practitioner who combines strong investigative tradecraft with a builder mindset, and who can step in when incidents demand long hours, rapid mobilization, and sustained focus alongside experienced responders.What You’ll Do
  • Lead and deliver digital forensics and incident response engagements across endpoint, network, cloud, and hybrid environments
  • Direct complex investigations involving ransomware, intrusion, insider threat, and data compromise, identifying initial access, persistence, lateral movement, and exfiltration
  • Collect, preserve, and analyze forensic artifacts including disk, memory, logs, authentication records, and network telemetry across enterprise and cloud environments
  • Establish scope, timeline, and impact through structured, defensible investigative methodology, producing clear attack narratives and findings
  • Advise clients in real time during active incidents on containment, eradication, recovery, and risk mitigation, supporting decision-making under pressure
  • Produce high-quality deliverables including forensic reports, executive summaries, technical findings, and remediation recommendations, and deliver briefings to both technical and executive stakeholders
  • Operate effectively within regulated, security-sensitive, and mission-critical environments, including rapid mobilization and sustained engagement during active incidents Contribute to the development and refinement of DFIR methodologies, playbooks, tooling, and investigative standards
  • Help define and scale Malleum’s DFIR delivery model, establishing repeatable processes and consistent quality across engagements
  • Collaborate with adjacent practices across offensive security, infrastructure, and program delivery during complex engagements
  • Support scoping, estimation, and statement of work development for DFIR engagements Mentor junior practitioners and contribute to the growth of team capability and overall DFIR tradecraft
What You Bring
  • 8+ years of experience in digital forensics, incident response, or closely related cybersecurity domains, including experience leading complex and high-impact investigations
  • Proven experience operating in client-facing environments, including consulting, advisory, or incident response roles where stakeholder trust and communication are critical
  • Strong technical proficiency across endpoint, network, and cloud forensics, with the ability to investigate, reconstruct, and articulate adversary activity
  • Deep understanding of attacker tactics, techniques, and procedures, and the ability to map observed activity to meaningful conclusions
  • Hands-on experience with enterprise DFIR tooling and methodologies across disk, memory, log, and network analysis
  • Experience operating within modern enterprise environments, including Windows, Linux, Active Directory, and cloud platforms such as Microsoft 365 and Azure
  • Excellent written communication skills, with the ability to produce clear, structured, and defensible forensic reports suitable for both technical and executive audiences
  • Strong verbal communication and briefing skills, including experience presenting findings and recommendations to senior stakeholders
  • Ability to translate complex technical findings into clear, actionable guidance during active and post-incident scenarios
  • Strong analytical and critical thinking skills, with a disciplined approach to evidence handling, investigative integrity, and defensibility
  • High attention to detail, with the ability to maintain accuracy and consistency under pressure and time constraints
  • Ability to operate effectively in high-pressure environments, including during active incidents requiring extended hours and rapid decision-making
  • Strong consulting mindset, including ownership of client outcomes, adaptability in ambiguous situations, and the ability to balance speed with rigor
  • Experience managing multiple engagements or priorities in a consulting or incident response context
  • Demonstrated ability to contribute to, mature, or build DFIR service offerings, including methodologies, tooling, and delivery frameworks
  • Interest in shaping and scaling a DFIR practice, including defining processes, improving delivery quality, and building internal capability
  • Experience mentoring or supporting junior practitioners and contributing to team development
  • Professional certifications such as GCFA, GCFE, GCIH, GNFA, CISSP, or similar are considered an asset
Why Malleum
  • Play a foundational role in building and shaping a high-impact DFIR capability within a growing firm
  • Work at the cutting edge of cyber defense on incidents with real operational and national consequence
  • Engage directly with sophisticated adversaries and complex investigative challenges Join a team of experienced practitioners in a high-trust, high-performance environment
  • Competitive compensation aligned to experience and market

Malleum is an equal opportunity employer. We welcome applications from all qualified candidates and are committed to building a team that reflects the communities and missions we serve.
We are committed to providing accommodations for individuals with disabilities throughout the recruitment process. Please let us know if you require accommodation at any stage.
 

Skills Required

  • 8+ years of experience in digital forensics, incident response, or closely related cybersecurity domains, including leading complex investigations.
  • Proven experience operating in client-facing environments (consulting, advisory, or incident response roles).
  • Strong technical proficiency across endpoint, network, and cloud forensics with ability to investigate and reconstruct adversary activity.
  • Deep understanding of attacker tactics, techniques, and procedures (TTPs) and ability to map activity to conclusions.
  • Hands-on experience with enterprise DFIR tooling and methodologies across disk, memory, log, and network analysis.
  • Experience with modern enterprise environments: Windows, Linux, Active Directory, Microsoft 365, and Azure.
  • Excellent written communication skills for producing clear, structured, defensible forensic reports for technical and executive audiences.
  • Strong verbal communication and briefing skills, including presenting findings to senior stakeholders.
  • Ability to translate complex technical findings into clear, actionable guidance during active and post-incident scenarios.
  • Strong analytical and critical thinking skills, disciplined evidence handling, investigative integrity, and attention to detail under pressure.
  • Ability to operate effectively in high-pressure environments requiring extended hours, rapid mobilization, and sustained focus.
  • Consulting mindset: ownership of client outcomes, adaptability in ambiguity, and experience managing multiple engagements/priorities.
  • Demonstrated ability to contribute to, mature, or build DFIR service offerings, including methodologies, tooling, and delivery frameworks.
  • Experience mentoring or supporting junior practitioners and contributing to team development.
  • Professional certifications such as GCFA, GCFE, GCIH, GNFA, CISSP (considered an asset).
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Ottawa, ON
27 Employees
Year Founded: 2013

What We Do

Malleum isn’t your everyday, run-of-the-mill security firm. We’ve been successfully doing penetration tests and application assessments for over 15 years, with a focus on delivering high quality results to our clients. Our security assessments are more than just plugging in a scanner, running the latest tools, or checking a green box. Our research-driven team of highly hands-on information security specialists are capable of identifying some of the most sophisticated, hard-to-find vulnerabilities. Malleum’s team is made up of seasoned security professionals with experience assessing a wide range of organizations and applications. From Fortune 100s to public sector clients, online banking to critical infrastructure applications – we’ve done it all and we’re certain we can help your organization raise its security bar! Is your company ready to take our test?

Similar Jobs

Mondelēz International Logo Mondelēz International

Brand Manager

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Hybrid
Toronto, ON, CAN
90000 Employees
65K-81K Annually

Square Logo Square

Business Development Manager

eCommerce • Fintech • Hardware • Payments • Software • Financial Services
Remote or Hybrid
8 Locations
12000 Employees
164K-297K Annually

Square Logo Square

GTM Strategy & Operations - Global Sales

eCommerce • Fintech • Hardware • Payments • Software • Financial Services
Remote or Hybrid
8 Locations
12000 Employees
103K-194K Annually
In-Office
Oakville, ON, CAN
4109 Employees
85K-120K Annually

Similar Companies Hiring

NetBox Labs Thumbnail
Cloud • Software
US
125 Employees
Toro TMS Thumbnail
Cloud • Enterprise Web • Sales • Software • Transportation
Chicago, IL
80 Employees
Amplify Platform Thumbnail
Fintech • Financial Services • Consulting • Cloud • Business Intelligence • Big Data Analytics
Scottsdale, AZ
62 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account