DFIR Engagement Manager

SentinelOne
Summary
Join SentinelOne's Vigilance DFIR team as an experienced investigator and endpoint-based hunter, leading digital forensic investigations and threat hunting operations for global clients. You will manage the overall success of cyber incident investigations, working with a global team and serving as the point of contact for clients. Responsibilities include leading business development, collaborating with account teams and legal counsel, overseeing investigations, managing communication and resources, coordinating cross-functional teams, handling escalations, ensuring proper evidence handling, leading post-engagement reviews, and conducting technical analysis. The ideal candidate possesses 5+ years of hands-on consulting experience in digital forensics and incident response, expertise with forensic tools and methodologies, and strong client communication and project management skills. Industry certifications are preferred. SentinelOne offers a competitive salary and benefits package.
Requirements
- 5+ years of hands-on consulting experience in digital forensics and incident response
- Proven track record of managing complex incident response engagements
- Expert-level experience with industry-standard forensic tools and methodologies
- Strong understanding of and experience with EDR/XDR platforms and security technologies
- Demonstrated experience in endpoint-based threat-hunting and compromise assessments
- Experience working with cyber threat intelligence platforms and processes
- Excellence in client communication and relationship management
- Experience working with legal teams and insurance carriers
- Strong project management and team leadership skills
Responsibilities
- Lead business development activities including scoping, requirements gathering, and contract development
- Collaborate with account teams and internal and external legal counsel to ensure service agreements and statements of work are in place
- Handle high-stakes client interactions involving legal counsel or executive stakeholders
- Oversee active DFIR investigations, ensuring exceptional quality and timeliness of deliverables
- Establish and maintain clear communication channels with all stakeholders
- Manage DFIR investigation objectives, timelines, and resource allocation
- Coordinate cross-functional teams including internal resources and external vendors
- Handle escalations and resolve technical or operational challenges
- Ensure proper evidence handling and documentation throughout investigations
- Maintain oversight of case documentation and artifact archival
- Ensure adherence to standard operating procedures and best practices
- Lead post-engagement reviews and process improvement initiatives
- Conduct technical analysis including endpoint forensics, log analysis, and threat-hunting when required
- Maintain schedule flexibility and participate in the weekend and holiday on-call schedule
Preferred Qualifications
- Experience conducting malware analysis and memory forensics
- Industry certifications (GCFE, GCFA, CFCE, EnCE, or similar)
- Active participation in the security community through speaking engagements or publications
- Evident self-starter with intellectual curiosity and the ability to adapt to change
Benefits
- Medical, Vision, Dental
- 401(k)
- Commuter
- Health and Dependent FSA
- Unlimited PTO
- Industry-leading gender-neutral parental leave
- Paid Company Holidays
- Paid Sick Time
- Employee stock purchase program
- Disability and life insurance
- Employee assistance program
- Gym membership reimbursement
- Cell phone reimbursement
- Numerous company-sponsored events including regular happy hours and team building events