DFIR Operation Manager

  • Job Type: Permanent
  • Location: All - United States of America - Remote
  • Date Posted: November 18, 2020
  • Salary: 175000-20500


    Digital Forensics & Incident Response Operation Manager

    FPG Cyber are currently recruiting on behalf of our prestigious client, a Global Cyber Security Consultancy, for a Digital Forensics & Incident Response Operation Manager. The location is Montreal, Quebec, Canada, and travel will be required.

    The Role

    The ideal candidate will have hands-on experience performing Incident Response tasks for Data Breaches as well as expert knowledge of security risk assessments, reactive Incident Response, and Computer Forensics (ransomware is a plus). The DFIR Ops Manager will work alongside our client's Post Breach remediation services team, as well as their regional resolution teams, to support clients' needs in the following areas: Breach Recovery from security incidents, Co-ordinated support for Incident Response, and Digital Forensic activity, i.e. data recovery, ransomware attacks, hacking ransoms etc. This role will also be responsible for ensuring clients are serviced with the best possible response, breach notification, and coordination with the Incident Response Forensics team who manage incidents related to Forensics, vulnerability assessment, analysis and ransomware payment.

    Position Overview

    – Perform incident response engagements related to preemptive data breaches, provide analytic reports for litigation and regulatory responses; workplace and employment issues, including theft of trade secrets; investigations related to network breaches/unauthorized access of data through computer forensics
    – Perform data breach response, cyber risk/security assessments, and remain involved in all phases such as penetration testing, vulnerability scanning, and log configuration
    – Manage day-to-day workflows of team assignments and oversee the ongoing response effort of all Breach Incidents and Resolutions
    – Evaluate, Generate & Deliver reporting data analytics for assigned areas within assigned timeframes
    – Participate and lead current and potential New Market Entry research
    – Remain highly responsive and ensure all deadlines are met
    – Engage with attackers directly to resolve cyber extortion incidents
    – Participate in CSIRP development and gap analysis, tabletop exercises, incident response and computer forensics, and data breach response with best practices
    – Experience with scan/assessment tools such as EnCase, Metasploit, Nessus, Burp Suite, Core Impact, and/or others
    – Handle web application exploitation, server and client-side attacks, and protocol subversion
    – Perform IT System and Network Audits; write technical reports


    – Lead engagements related to data breach response and preemptive cyber security
    – Analytics and reporting for litigation and regulatory response
    – Workplace and employment issues including theft of trade secrets
    – Investigations related to network breaches / unauthorized data access through computer forensics and incident response
    – Deliver exceptional client services including client communication throughout the entire project lifecycle to better understand client needs
    – Remain highly responsive and ensure all deadlines are met
    – Manage staff performing data breach response and cyber risk/security assessments, whilst remaining involved in phases such as penetration testing, vulnerability scanning, and log configuration
    – Engage with attackers directly and/or staff to engage with attackers to resolve cyber extortion
    – Experience with scan/assessment tools such as Metasploit, Nessus, Burp Suite & Core Impact
    – Handle web application exploitation, server and client-side attacks, and protocol subversion
    – Perform IT system and network audits; write technical reports. Lead incident response plans development and gap analysis


    – Minimum of 7 years of experience with cyber investigations, incident response, forensics or related information security experience
    – Bachelor's degree in Business Management, Technology or privacy-related field or equivalent
    – 5 years delivering support services in a fraud or breach investigation or resolution role
    – 3 years team leader or supervisory experience preferred
    – Ability to guide, motivate and support advocates
    – Excellent organizational, time management and multi-tasking skills. Displays strong attention to detail
    – An understanding of different levels of security and privacy risk and how they can affect a business
    – Ability to manage multiple projects and train/mentor staff
    – Advanced working knowledge of Digital Forensic tools (EnCase, FTK, BlackLight)
    – Experience with Unix, Linux, Mac and an administrator level understanding of networking, firewalls, and various protocols involved in data sharing and communications
    – Working knowledge of current data collection, storage, and chain of custody best practices
    – Experience presenting findings and recommendations to C-Level Executives, law enforcement, and outside counsel. Able to triage multiple cases simultaneously
    – Knowledge of encryption and encoding methods, communication protocols, and algorithms
    – Enthusiastic about delivering the highest quality results to clients on time and on budget
    – Ability to work in a dynamic environment and to travel to client locations
    – Proficient in French and English

    Preferred Certifications

    – GIAC Certified Incident Handler (GCIH)
    – GIAC Certified Intrusion Analyst (GCIA)
    – GIAC Reverse Engineering Malware (GREM)
    – GIAC Certified Forensic Analyst (GCFA)
    – GIAC Certified Forensic Examiner (GCFE)
    – EnCase Certified Examiner (EnCE)

    Start date is immediate (notice period accepted for the right candidates). Please forward your resumes to: Tom Layzell at FPG Cyber, tlayzell@firstpointgroup.com, +1 (202) 972 4320