Digital Forensics Incident Response

We're Hiring – DFIR Specialist | Ssquad Global

Location: Whitefield, Bangalore

Type: Full-time,

Salary : As per Market Standard , 5 days Work from Office

Interview Mode : First Round Virtual , 2nd Round Face to Face in Bangalore Office

Ssquad Global is looking for an experienced Digital Forensics & Incident Response (DFIR) Specialist to join our cybersecurity team

What you'll do:

Lead and support incident response, insider threat investigations, and forensic analysis

Monitor host/network activity, analyze anomalies, and create security dashboards

Perform malware analysis, reverse engineering, and evidence collection

Mentor and guide cybersecurity team members

What we're looking for:

4+ years' experience in IR, forensics, and cyber threat management

Hands-on with SIEM, DLP, EDR, forensic tools (EnCase, FTK, etc.)

Skilled in Python/PowerShell/Bash scripting and malware analysis

Strong documentation and reporting skills

If you're a DFIR expert ready to take on advanced threats and make an impact, we'd love to hear from you

Job Types: Full-time, Permanent

Benefits:

• Provident Fund

.

Responsibilities

• A minimum of five (4) years of hands-on experience with experience in the last two (2) years that includes host-based and network-based security monitoring, identifying and analyzing anomalous activities with familiarity in insider threat monitoring software, host- based forensic tools, intrusion detection systems, intrusion analysis functions, security information event management (SIEM) platforms, endpoint threat detection tools, security operations ticket management.
• Experience creating insider threat focused dashboards, reports and workflow diagrams.
• Experience  collecting  data  and  reporting  results;  handling  and escalating  security  issues  or  emergency  situations  appropriately;  providing incident  response  capabilities  to  isolate  and  mitigate  threats  to  maintain confidentiality, integrity, and availability for protected data.
• Experience with ad-hoc training to junior, mid, senior members of a cyber work force in a collaborative environment.
• Subject matter expert in the field of digital media exploitation or forensics.

· Existing Subject Matter Expertise of Advanced Persistent Threat or Emerging Threats.

· Proficiency in utilizing various packet capture (PCAP) applications/engines and in the analysis of PCAP data.

· Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required).

• Experience supporting a SOC program in incident response tools and techniques, specifically with forensics tools such as EnCase, Forensic Toolkit, etc.
• Experience with static and dynamic malware analysis, including reverse engineering of binaries.

· Familiarity with coding, scripting languages (BASH, Powershell, Python, PERL, RUBY etc.) or software development frameworks (.NET).

· Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms, Data Loss Prevention (DLP) systems, and log management systems that perform log collection, analysis, correlation, and alerting is required.

· Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.

• Understanding of hardware configurations and comfort with disassembling and reassembling computers and periphery devices.
• Expert understanding of computer file systems, hard drive architecture and connection types.
• In-depth experience with file system forensics, registry analysis, Internet history analysis, steganography and encryption detection and analysis, forensic media imaging, timeline analysis, email analysis, signature/hash analysis.
• Ability and experience extracting and managing complex large data sets.
• Strong documentation and written communication skills with technical report writing experience

Qualifications

[
Bachelor's degree in IT, Cyber Security, CS, or related field

Apply now: 

Learn more: