DFIR Engineer - UK remote - £65,000 - £95,000 + Benefits + Bonus
Our client is scaling their DFIR capability and is seeking highly advanced DFIR Engineers to join their elite security team. This role is designed for technical specialists who thrive in complex investigations, advanced threat scenarios, and large-scale incident response. You will be at the forefront of digital forensics, reverse engineering, and cyber defence, working across enterprise, cloud, and hybrid environments.
Main responsibilities
* Lead response to advanced intrusions/APTs, insider threats
* Perform forensic acquisition & analysis (disk, memory, cloud, mobile)
* Reverse engineer malware, develop detection rules (YARA, signatures)
* Hunt threats, build detections in SIEM/EDR (Splunk, Elastic, CrowdStrike, etc.)
* Develop custom tooling/scripts (Python, PowerShell, Go)
* Mentor team, contribute playbooks/runbooks
Skills & Experience
* 5+ years DFIR - Must be strong in BOTH Digital Forensics & Incident Response
* Deep OS internals (Windows, Linux, macOS), network protocols, cloud security
* Volatility, X-Ways, Magnet AXIOM, GRR, IDA Pro, Ghidra, Zeek, Sysmon
* Strong scripting/programming (Python, PowerShell, Bash, Go)
* Preferred certs: GCFA, GNFA, GREM, OSCP/OSEE