Digital Forensics & Incident Response Lead in at RSI Security
NewSalary: $100.00 - $100.00/hrJob Function: Information Technology
RSI Security
Posted on
New job! Apply early to increase your chances of getting hired.
Explore Related Opportunities
Job Description
Digital Forensics & Incident Response (DFIR) Lead
Engagement Profile: Digital Forensics & Incident Response (DFIR) Lead
Classification: 1099 Independent Contractor
Client Firm: RSI Security (Technical Operations)
Primary Liaison: Sr. Manager of Technical Operations
Compensation Structure: $100/hr
Engagement Summary
RSI Security is engaging an expert Digital Forensics & Incident Response (DFIR) Lead to spearhead complex forensic investigations and resolve critical security incidents. The Consultant will lead high-stakes engagements—including data breaches, ransomware response, and business email compromises—providing comprehensive analysis and actionable remediation strategies. Operating with full autonomy over methodologies, the Consultant is responsible for delivering expert-level forensic reporting and strategic guidance to safeguard client infrastructure.
Scope of Services & Project Deliverables
● Forensic Lifecycle Management: Execute the end-to-end forensic process—collection, examination, analysis, and reporting—ensuring technical rigor and evidentiary integrity.
● Evidence Preservation: Oversee the identification and acquisition of digital evidence from diverse sources while maintaining a strictly documented chain of custody and forensic soundness.
● Adversary Emulation & Mapping: Correlate observed behaviors against the MITRE ATT&CK® framework to pinpoint defensive gaps, validate existing controls, and enhance detection engineering.
● Strategic Containment: Architect containment strategies that balance operational continuity with the need to isolate threats and preserve volatile evidence during active incidents.
● Ad-Hoc Incident Consulting: Provide advanced analytical response and advisory services during high-severity security events, subject to the Consultant's availability and a mutually agreed-upon task order.
Service Level Agreement (SLAs) & Acceptance Criteria
The Consultant’s services will be evaluated against the following deliverable standards: ≥
● Deliverable Deadlines: Ensure 90% of scheduled assessment reports and project deliverables are submitted to the Primary Liaison by the agreed-upon SOW deadline.
● Critical Finding Latency: Communicate 100% of Critical/High vulnerabilities to RSI Security leadership within 1 business day of discovery to ensure immediate client protection.
● Advanced Incident SLAs: Maintain 95% compliance with response and ≥ resolution SLAs on any specialized security escalations accepted by the Consultant.
Vendor Qualifications & Clearances
● Professional Experience: Minimum of 7–10 years of demonstrable experience in digital forensics, incident response, network traffic analysis, and malware triage as an independent consultant or agency.
● Industry Certifications: Must hold active, advanced security and forensic certifications (e.g., GCFA, GCIH, GNFA, CISSP, or equivalent).
● Clearance Requirement: Public Trust eligibility is required; Active Secret clearance is highly preferred, with the ability to obtain a Top Secret (TS/SCI) clearance if dictated by specific engagement task orders.
● Background Verification: The Consultant (and any personnel deployed by the Consultant) must successfully pass a comprehensive multi-jurisdictional background check prior to accessing sensitive RSI Security or client infrastructure.
● Technical & Compliance Proficiencies: Mastery of NIST SP 800-86 guidelines, enterprise network architecture, memory forensics, and advanced automation (Python, PowerShell, Bash). The Consultant must demonstrate proficiency in static and dynamic analysis—utilizing sandbox environments and reverse engineering platforms like Ghidra or IDA Pro—alongside deep experience in EDR/XDR ecosystems (CrowdStrike, SentinelOne, Defender). Expertise is required in cloud forensics (AWS, Azure, GCP), container security (Kubernetes), and alignment with the following compliance frameworks:
● ISO 42001
● NIST 800-171 & NIST AI RMF
● PCI DSS, PCI SSF, & PCI ASV
● CMMC Advisory & Assessment (C3PAO)
● HITRUST & HIPAA
● CIS & SOC2
● GDPR & CCPA
Vendor Expectations & Security Standards
● Forensic & Ethical Standards: Uphold strict responsible-disclosure practices and safeguard sensitive data at all times. Ensure tools are used reasonably and appropriately, safeguarding sensitive information recorded during forensic collections.
● Proactive Communication: Translate complex attack narratives into clear, actionable reporting for both technical and non-technical audiences.
● Data Security & Privacy: Maintain rigorous operational security (OPSEC) over all client data, utilizing encrypted channels and immediately relinquishing access and data upon project completion
Scan to Apply
Just scan this QR code to apply from your phone.
Frequently asked questions about this position
Apply NowYour application goes straight to the hiring team
By submitting your application, you understand and agree to JobTarget's
Terms of Use and
Privacy Policy.