Role Overview
We are looking for a hands-on Senior Incident Response Analyst / Consultant to join the Positive Technologies team. In this role, you will partner closely with clients to lead incident response investigations, perform in-depth forensic analysis, and help uncover sophisticated attacker techniques.
This role is well suited for someone with a strong technical foundation in DFIR who enjoys working on real incidents, is curious by nature, and takes ownership in dynamic environments. You will contribute to high-quality DFIR engagements while continuously expanding your expertise across different technologies and attack scenarios.
Key Responsibilities
• Lead or contribute to end-to-end incident response engagements, including investigation, containment, eradication, and recovery across IT and, where applicable, OT environments
• Perform digital forensics and incident investigations across endpoints, servers, network infrastructure, and cloud environments
• Support malware analysis and triage efforts, including identifying Indicators of Compromise (IOCs) and attacker behavior patterns
• Conduct threat hunting and compromise assessments to help identify hidden or persistent threats
• Contribute to the development of detection logic, forensic methodologies, and incident response playbooks tailored to client environments
• Act as a trusted technical point of contact during incidents, providing clear and actionable guidance to client teams
• Produce structured and insightful reports with findings, root cause analysis, and practical remediation recommendations
• Contribute to internal tooling, automation, and development of DFIR capabilities
• Share knowledge and support less experienced team members when needed
Qualifications & Experience
• Bachelor’s degree in Computer Science, Information Security, or a related field
• 5+ years of experience in DFIR, incident response, or advanced SOC environments
• Solid foundation in incident handling, digital forensics, threat hunting, or malware analysis (strength in several of these areas is expected; depth across all can be developed over time)
• Hands-on experience with some of the following technologies and tools:
- SIEM platforms (e.g., Splunk, LogRhythm, Cortex XSIAM/XDR)
- EDR/XDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender)
- Forensic tools and frameworks (e.g., EnCase, FTK, Autopsy, Volatility, KAPE, Velociraptor)
• Exposure to malware analysis (static and/or dynamic) is highly valuable
• Good understanding of operating systems such as Windows, Linux, macOS, and/or mobile platforms from a security or forensic perspective
• Familiarity with cloud environments (AWS, Azure, GCP) and frameworks such as MITRE ATT&CK is beneficial
• Scripting or programming skills (e.g., Python, PowerShell, Bash) are a strong plus and can be further developed on the job
• Relevant certifications such as GCFA, GNFA, GREM, GCIA, GCIH, CHFI are appreciated but not required
Core Competencies
• Strong technical curiosity and interest in investigating complex security incidents
• Analytical thinking and structured problem-solving approach
• Ownership mindset and ability to operate in high-impact situations
• Clear communication skills, with the ability to explain technical topics to different audiences
• Adaptability and comfort working in a fast-moving, evolving environment
• Motivation to continuously learn and deepen expertise in cybersecurity