DFIR Principal Consultant (Remote)
As a DFIR Principal Consultant at PNG Cyber, you will play a vital dual role: providing senior-level technical expertise in digital forensics and incident response (DFIR) while managing complex case lifecycles and acting as the primary client liaison. You will lead your team in managing a wide range of investigations—including Business Email Compromise (BEC), ransomware, insider threats, data breaches, and other cyber incidents—ensuring all work is thorough, accurate, and clearly communicated to clients and stakeholders.
Job Description:
Serve as the primary point of contact for clients, legal counsel, and other stakeholders throughout the entire case lifecycle—from intake and scoping to final reporting and closure.
Conduct detailed scoping calls, accurately gather case requirements, and develop precise Statements of Work (SOWs).
Oversee and manage multiple simultaneous engagements; ensure projects stay on track, on time, and within scope.
Direct and mentor a team of analysts and consultants, providing quality control for all technical work products and deliverables.
Independently conduct forensic analysis using tools like Axiom, X-Ways, Splunk, and other open-source & commercial IR tools to lead investigations into ransomware, BECs, and other cyber incidents.
Communicate and negotiate with threat actors during active ransomware incidents.
Communicate complex technical findings clearly and concisely—both verbally and in writing—to technical and non-technical audiences, including on-camera client briefings.
Draft, review, and deliver professional, client-ready reports with meticulous attention to accuracy, clarity, and quality.
Contribute to the development and implementation of modern forensic techniques, tools, and internal best practices.
Maintain high availability and responsiveness during active engagements, including working non-traditional hours when necessary.
Drive ongoing team development through training, mentorship, and knowledge sharing.
Qualifications and Required/Preferred Experience:
Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, Digital Forensics, or a related field (preferred).
5+ years of proven experience leading digital forensics and incident response engagements, including direct client interaction and case management.
Deep knowledge of incident response, digital forensics methodologies, ransomware investigations, BEC cases, and threat actor tactics.
Strong customer-service orientation with the ability to translate technical details into clear, actionable information for clients and counsel.
Demonstrated ability to manage teams, set priorities, and maintain quality control across multiple high-stakes engagements.
Excellent verbal and written communication skills; proven record of drafting and reviewing professional technical reports.
Professional certifications such as GCFE, GCFA, GCIH, GNFA, GREM, CISSP, or other relevant industry certifications strongly preferred.
Must have a working knowledge of tools used to collect, triage, and analyze evidence, and to secure and monitor client environments — including EDR solutions such as SentinelOne, Huntress, Sophos, CrowdStrike Falcon, and similar platforms.
Experience with scripting and programming languages such as C#, Go, Rust, Python, PowerShell, and Bash preferred.
Experience with multiple operating systems, such as Windows, Linux, macOS, and Unix.
Flexible and adaptable with the ability to work extended hours as needed during critical incidents. Highly self-motivated problem solver who thrives in dynamic, fast-paced environments.