Senior Engineer, Cybersecurity DFIR

Job Purpose

ICE is seeking an experienced Senior DFIR (Digital Forensics and Incident Response) Engineer to join our cybersecurity team. As a Senior Engineer, you will play a critical role in detecting, investigating, and responding to security incidents, while proactively hunting for threats and implementing countermeasures. This position demands technical expertise, analytical thinking, and strong communication skills in a fast-paced, high-stakes environment.

Responsibilities

• Incident Management & Response: Lead the detection, investigation, containment, and remediation of security incidents.
• Digital Forensics: Conduct in-depth forensic analysis of memory, disk, endpoint and network artifacts to reconstruct incident timelines and identify root causes.
• Cloud & Hybrid Forensics: Investigate incidents in cloud-native and hybrid environments (e.g., AWS, Azure, containers), ensuring proper evidence handling and response.
• Security Analytics & Threat Hunting: Analyze large datasets to detect anomalies, uncover hidden threats, and proactively hunt for indicators of compromise (IOCs).
• Malware Analysis & Reverse Engineering: Perform static and dynamic analysis of malware to understand behavior, impact, and attribution.
• Threat Mitigation: Design and implement preventative and corrective security controls to address emerging threats and reduce risk exposure.
• Behavioral Analysis: Develop detection criteria and analytics to identify suspicious user behavior and potential insider threats.
• Reporting & Communication: Produce detailed technical reports and executive summaries to communicate findings, impact, and recommendations to stakeholders.

Knowledge and Experience

• 3+ years of experience in Digital Forensics and Incident Response (DFIR), cybersecurity operations or threat detection and hunting.
• Technical expertise in cybersecurity in two of the following areas: network security, web application assessments, scripting, cloud security, malware analysis, reverse engineering, network or endpoint forensics.
• Hands-on experience with enterprise security tools including SIEM (e.g., Splunk, QRadar), IDS/IPS, forensic suites (e.g. EnCase, Volatility, Autopsy, X-Ways, Magnet Axiom), and malware analysis platforms.
• Experience in cloud and container security, including incident response in AWS, Azure, and hybrid environments.
• Proficient in at least one scripting language (e.g. Python, Bash, PowerShell, JavaScript, etc.)
• Familiarity with MITRE ATT&CK framework and threat intelligence platforms.
• Demonstrated ability to communicate complex technical findings to both technical and non-technical audiences.
• Relevant certifications such as GIAC GCFA, GCIA, GCIH, CISSP, or OSCP.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, related technical field, or equivalent practical experience.