Guardian Life

Senior consultant IT

Chennai Full time

Job Description:

Job Title: Lead – Digital Forensics, Incident Response & Threat Hunting

Role Summary

We are seeking an experienced Lead – Digital Forensics, Incident Response & Threat Hunting (DFIR) professional to strengthen our cyber defense capability. The role will lead high-impact incident investigations, proactive threat hunting programs, forensic examinations, and advanced detection initiatives to protect enterprise assets and sensitive data.

This role requires strong technical expertise, leadership capability, and strategic thinking to enhance cyber resilience and reduce organizational risk.


Key Responsibilities

1. Incident Response Leadership
• Lead end-to-end response to cybersecurity incidents (ransomware, APTs, insider threats, data exfiltration, etc.)
• Drive containment, eradication, recovery, and post-incident review activities
• Act as Incident Commander during high-severity cyber events
• Coordinate with SOC, IT, Legal, Risk, Compliance, and external stakeholders
• Prepare executive-ready incident reports and root cause analysis

2. Digital Forensics
• Conduct host, network, cloud, and mobile forensics investigations
• Perform memory analysis, disk forensics, log analysis, and malware triage
• Ensure evidence integrity and chain of custody
• Support regulatory, HR, and legal investigations when required
• Develop forensic playbooks and investigation SOPs

3. Threat Hunting & Detection Engineering
• Lead proactive threat hunting campaigns using hypothesis-driven methodologies
• Identify advanced threats, persistence mechanisms, and lateral movement
• Develop detection use cases aligned to MITRE ATT&CK framework
• Improve SIEM, EDR, and XDR detection capabilities
• Conduct purple team exercises and adversary emulation

4. Threat Intelligence Integration
• Leverage internal and external threat intelligence feeds
• Translate threat intel into actionable detection and prevention controls
• Monitor emerging threats, vulnerabilities, and TTPs

5. Capability Development & Governance
• Develop and mature IR and threat hunting frameworks
• Establish KPIs, SLAs, and metrics for DFIR effectiveness
• Lead tabletop exercises and cyber crisis simulations
• Mentor junior analysts and build high-performing DFIR team capability
• Support audit, regulatory, and compliance requirements


Required Skills & Expertise

Technical Skills

Strong hands-on experience with:
• SIEM (Splunk, Sentinel, QRadar)
• EDR/XDR (CrowdStrike, Defender, Carbon Black)
• Forensic tools (EnCase, FTK, Autopsy, Volatility)
• Packet analysis (Wireshark, Zeek)
• Threat hunting queries (KQL, SPL)

Deep understanding of:
• MITRE ATT&CK framework
• Cloud security (Azure/AWS/GCP)
• Active Directory attack techniques
• Malware behavior and analysis

• Experience handling ransomware and data exfiltration cases

Leadership & Soft Skills
• Ability to lead high-pressure cyber incidents
• Strong stakeholder communication skills (technical & executive)
• Decision-making under uncertainty
• Mentoring and team development capability



Qualifications
• Bachelor’s/Master’s in Cybersecurity, Computer Science, or related field
• 12-16+ years of cybersecurity experience
• 6+ years in Incident Response / Threat Hunting leadership

Preferred Certifications
• GCFA / GCFE / GNFA (GIAC)
• GCIH
• CISSP
• CHFI
• CEH (optional but good to have)


Location:

This position can be based in any of the following locations:

Chennai

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday