RBPRSLLC is looking for candidates to fill the position of Cyber DFIR Engineer. On-Site position in Atlanta, GA or Zebulon, NC. No visa sponsorships supported, no agencies please.
Job Details/Requirements:
- Title: Cyber DFIR Engineer
- Positions: 1
- Duration: Full time - Direct Hire
- Compensation:
- Salary Range: $120,000 – $160,000 base
-
- Bonus Eligibility: Up to 18% performance-based bonus
-
- Benefits Package: Standard corporate benefits (details shared post-interview)
-
- Relocation Support: Available for qualified candidates
- Location: Atlanta or Zebulon
- Onsite: 5 days WFO
- Shift: Tuesday - Saturday, 8am to 5pm (1st Shift)
- Incentives:
- Company Growth: Client is a Fortune 500, top 10 bank with major cybersecurity ambitions.
-
- Industry Exposure: Banking is at the forefront of cybersecurity threats, making this role highly valuable.
-
- Long-Term Investment: Full-time career growth opportunities
-
- Pension Plan: Client offers a pension plan (eligible after ~5 years).
-
- Best-in-Class Tools: CrowdStrike is one of the leading incident response tools.
-
- High-Caliber Team: The Cyber Incident Response Team is one of the most mature and talented in Georgia & North Carolina, outside of tech giants like Microsoft and Google.
Project: Cyber Incident Response, Tier-3 Incident Response, Digital Forensics, Incident Containment
Key Skills/Tools:
- Five years of experience in Cybersecurity or related work
-
- one or more cloud platforms and cloud security
-
- general information technology (IT) and cybersecurity
-
- computer networking concepts and protocols, and network security methodologies.
-
- network traffic analysis and packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
-
- operating systems, including Windows/Unix ports and services.
-
- modern identity and access management concepts
-
- phishing tactics and techniques
-
- advanced cyber threats and vulnerabilities.
-
- cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
-
- adversarial tactics, techniques, and procedures
-
- intrusion detection methodologies and techniques for detecting host and network-based intrusions.
-
- incident response and handling methodologies.
-
- countermeasures to address a variety of threats
-
- around leveraging automation, ML, and/or AI
-
- advanced threat hunting techniques
-
- types of digital forensics data and how to recognize them.
-
- types and collection of persistent data.
-
- file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
-
- which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
-
- processes for seizing and preserving digital evidence.
- Core expertise in Digital Forensics & Incident Response (DFIR), Threat Hunting and Incident Response (Tier 3 level)
- Deep forensic analysis on endpoints
- Understanding forensic artifacts on machines
- Strong communication and organizational skills
- Ability to clearly articulate technical knowledge
- Must be concise and direct in responses
- Team collaboration and openness to feedback
Day-to-Day Responsibilities:
Per job description:
The Cyber DFIR (Digital Forensics & Incident Response) Engineer on the advanced 24/7 Cyber Incident Response Team (CIRT) is responsible for effectively responding to cyber incidents within any technology environment leveraging digital evidence and forensic analysis techniques.
As DFIR professionals, individuals in this role demonstrate proficiency in log, code, cloud, identity, network, endpoint, memory, malware, and root cause analysis. The position will directly perform, facilitate, or consult on the entire cyber incident response.
Cyber DFIR Engineers must be able to operate and provide technical direction in structured and unstructured situations. This role will routinely setup and lead incident response calls and collaborate across various IT/Cyber functions.
This role is office-centric (on-site) in Atlanta, GA or Zebulon, NC with on-call responsibilities.
Expectations:
- Hands-on Digital Forensics & Incident Response (DFIR)
- Conduct in-depth forensic investigations on endpoints
- Collaborate with SOC Tier 2 analysts and provide technical expertise
- Analyze and mitigate cyber threats in real-time
- Engage in incident response investigations
- Work with advanced security tools (e.g., CrowdStrike, Splunk)
- Participate in team meetings, knowledge sharing, and process improvements
- Maintain high communication and documentation standards
Education: Bachelor's degree preferred
Certifications:
- Industry certifications in general technology (e.g. Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)
- Industry certifications in cyber security, such as: Security+, CySA+, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), GIAC Cloud Forensics Responder (GCFR), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Reverse Engineering Malware Certification (GREM), etc.
- Experience in Cyber Breach Response, Security Operations Center (SOC), Network Operations Center (NOC), IT/Cyber Engineering, or Intelligence Community (IC)