Senior Manager - Digital Forensics and Incident Response (DFIR)

Sutherland

Windsor

On-site

CAD 100,000 - 120,000

Full time

2 days ago

Job summary

A global technology firm seeks a DFIR Senior Manager to lead incident response and forensics efforts. The ideal candidate will have over 6 years of experience in cybersecurity, communication skills, and strong knowledge of forensic tools. You will coordinate with external vendors and manage threat intelligence. This position offers a dynamic environment in Windsor, Canada.

Qualifications

  • 6+ years of experience in cybersecurity, including at least 3 years in incident response or DFIR roles.
  • Proven ability to create and deliver executive-level incident reports and security briefings.
  • Excellent written and spoken English.

Responsibilities

  • Lead the full lifecycle of incident response activities, from detection to resolution.
  • Coordinate response efforts with internal stakeholders and third-party vendors during high-severity incidents.
  • Prepare client-facing reports and PowerPoint presentations for executive briefings.
  • Analyze and interpret threat actor TTPs and their relevance to the company’s risk landscape.

Skills

Cybersecurity management
Incident response
Communication
Forensic tools
Threat intelligence analysis

Education

Bachelor's or Master's degree in Cybersecurity

Tools

Recorded Future
IBM X-Force
SentinelOne
EnCase
Splunk

Job description

Company Description

We are One Sutherland — a global team where everyone is working together to create great breakthrough solutions. Our workforce has thrived in an environment of diversity of thought, experience and background. We celebrate our diversity and embrace it whole-heartedly. Sutherland is an equal opportunity employer. We promote a positive work environment by conducting ourselves professionally and helping each other achieve our goal of One Sutherland Team, Playing to Win.

Sutherland was founded 35 years ago (1986). Since then, we have become a leading global provider of business process and technology management services offering an integrated portfolio of analytics-driven back office and customer-facing solutions that support the entire customer life cycle.

Job Description

Position Summary

We are seeking a highly skilled DFIR Senior Manager to coordinate and execute digital forensics and incident response efforts across internal and client environments. This dual-role position requires a unique combination of deep technical expertise and exceptional communication skills.

The DFIR Manager will lead investigations into cyber incidents, coordinate with external DFIR vendors, and provide executive-ready updates and presentations to internal and external stakeholders. Additionally, the manager will oversee the threat intelligence function, aggregating and analyzing threat feeds from key vendors.

Experience using Recorded Future, IBM X-Force, SentinelOne, or similar tools to provide insights that strengthen our security posture.

The ideal candidate will be based in the United States and have experience working with U.S. clients and vendors. This role demands fluent written and spoken English communication and a proven ability to distill and present technical findings to non-technical stakeholders.

Key Responsibilities

Incident Response & Forensics (Primary Role)

  • Lead the full lifecycle of incident response activities, from detection to resolution.
  • Coordinate response efforts with internal stakeholders and third-party vendors during high-severity incidents.
  • Act as the primary governance lead for externally managed DFIR engagements.
  • Conduct and oversee forensic investigations to determine the root cause, scope, and impact of security incidents.
  • Develop, document, and continuously improve incident response plans and playbooks.
  • Prepare client-facing reports and PowerPoint presentations for executive briefings.
  • Stay current with emerging cyber threats, tools, and techniques.
  • Participate in and help manage an on-call rotation for incident handling.
  • Support red/blue/purple team exercises and simulations.

Threat Intelligence (Secondary Role)

  • Act as the point of contact for ingesting and correlating threat intel from multiple sources (e.g., Recorded Future, IBM X-Force, SentinelOne).
  • Analyze and interpret threat actor TTPs and their relevance to the company’s risk landscape.
  • Deliver clear, concise, and actionable threat reports to internal teams and external clients.
  • Maintain dashboards and curated threat feeds aligned to the organization’s risk appetite.
  • Collaborate with SOC and detection engineering teams to develop threat detection logic and SIEM rules.
  • Manage and leverage dark web monitoring tools and threat intelligence platforms.

Qualifications

Required Qualifications

  • 6+ years of experience in cybersecurity, including at least 3 years in incident response or DFIR roles.
  • Demonstrated experience managing third-party DFIR providers during complex investigations.
  • Strong working knowledge of forensic tools (e.g., EnCase, FTK, X-Ways), EDR (e.g., SentinelOne, CrowdStrike), and SIEM technologies (e.g., Chronicle, Splunk).
  • Proven ability to create and deliver executive-level incident reports and security briefings.
  • Experience with threat intelligence platforms such as Recorded Future, Anomali, or ThreatConnect.
  • Familiarity with MITRE ATT&CK Framework, NIST 800-61, and industry-standard IR procedures.
  • Excellent written and spoken English, with the ability to translate technical issues for business leaders.

Preferred Qualifications

  • GIAC certifications (e.g., GCFA, GCIA, GCIH) or equivalent DFIR credentials.
  • Experience working with multinational clients and regulatory frameworks (e.g., PCI-DSS, GDPR, HIPAA).
  • Exposure to managed security service environments (MSSP) or incident retainer services.
  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, or related field.

Additional Information

All your information will be kept confidential according to EEO guidelines.
