Senior Manager – DFIR

Job Title: Senior Manager DFIR

Location: India - Ahmedabad

Reporting to: Head Digital Forensics and Incident Response

Department: Cybersecurity Services Digital Forensics and Incident Response

Qualifications & Certifications:

• Bachelors degree in Cybersecurity, Computer Science, or related fields
• Preferred certifications: GCFA, GCFE, CHFI, GREM
• 10 + years of experience in cybersecurity, with minimum 4 years in forensic investigation and incident response
• Experience in client-facing roles or forensic consulting preferred

Role Overview:

The Senior Manager DFIR will serve as a subject matter expert in digital forensics and incident response across OT and IT environments. This role demands hands-on expertise in investigating cyber incidents, managing critical escalations, and leading forensic readiness initiatives. The role requires coordinating closely with SOC, engineering, compliance, and client teams to ensure swift containment, forensic accuracy, and resilience against future attacks.

Key Responsibilities:

• Lead major forensic investigations involving data breaches, APTs, ransomware, and insider threats across OT/IT infrastructures
• Supervise DFIR analysts and forensic engineers in evidence collection, analysis, and documentation
• Act as the escalation point for complex incidents requiring in-depth forensic analysis or multi-stakeholder coordination
• Drive continuous refinement of DFIR playbooks and protocols, with special focus on OT environments
• Oversee chain of custody management, litigation support documentation, and forensic reporting quality
• Support incident readiness initiatives, including table-top exercises, scenario simulations, and threat hunting collaboration
• Coordinate with OEM partners and tool vendors to enhance DFIR tooling and automation
• Represent DFIR function in client engagements, status reviews, and post-incident debriefs
• Analyse forensic traces across ICS/SCADA components, EDR/XDR platforms, and cloud environments

Required Skills and Tools:

• Proficient in forensic tools: Magnet AXIOM, EnCase, FTK, Autopsy, Volatility, Wireshark
• Hands-on experience with EDR/XDR systems (e.g., CrowdStrike, SentinelOne)
• Knowledge of forensic readiness for ICS protocols (e.g., Modbus, DNP3, OPC)
• Understanding of MITRE ATT&CK, TTPs, and cyber kill chain methodologies
• Familiarity with OT incident containment techniques and air-gapped forensic acquisition
• Exposure to cloud forensics: AWS, Azure, GCP

Personality Traits & Leadership:

• Detail-oriented, analytical, and composed in high-pressure situations
• Clear communicator with ability to present forensic findings to both technical and non-technical audiences
• Collaborative leader with mentoring capability and cross-functional coordination skills
• High integrity in handling sensitive data and legal evidence

Preferred Industry Background:

• Cybersecurity consulting firms (Big 4 or equivalent)
• OT OEMs with security divisions (e.g., Siemens, GE, Schneider)
• Managed Security Service Providers (MSSPs)
• Industrial sectors (Energy, Mining, Airports, Ports, Manufacturing)