Home › Companies › Cypfer › Digital Forensics and Incident Response (DFIR) Consultant
Digital Forensics and Incident Response (DFIR) Consultant
Cypfer · Remote · Active · BambooHR
Job facts
| Field | Value |
|---|---|
| Company | Cypfer |
| Title | Digital Forensics and Incident Response (DFIR) Consultant |
| Normalized title | - |
| Department / team | Consulting |
| Location | Houston, TX, United States |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | BambooHR |
| Posted / first seen | 2024-06-18 / 2026-05-30 |
| Changed / last seen | 2026-05-30 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Cypfer. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through BambooHR. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| City jobs | Active postings in Houston. | Open |
| Department jobs | Active postings in Consulting. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Cypfer |
| Source | 9f43f633-7098-4d68-b509-7b5e7033b19f |
| ATS provider | BambooHR |
Description
CYPFER is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, we consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Our team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.
Location:
We would prefer candidates to be located in one of the following:
Philadelphia, PA
Houston, TX
Core Responsibilities:
Engage on behalf of CYPFER in incident response tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
Assist with Windows forensics and triage to assess compromise and investigations.
Familiarity with malware analysis tools and methodologies.
Apply mitigation strategies and concepts to remediate identified threats.
Analyze triage collections/artifacts for indicators of compromise (IOCs) and potentially malicious activity.
Review logs from host systems and appliances to identify suspicious activities.
Collect forensic disk and memory images from physical and virtual endpoints and servers.
Understanding of an incident lifecycle and cyber-kill-chain.
Correlate events and build timelines of events.
Maintain current knowledge on emerging threats and vulnerabilities.
Analyze files for IOCs using various techniques.
Technical Requirements:
2+ years of experience in digital forensics, incident response, or a similar role.
Knowledge of Windows and Unix/Linux operating systems.
Understanding of the functionality of EDR / EPP technologies.
Familiarity with forensic acquisition and analysis of physical and virtual systems.
Working knowledge of storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS.
Ability to analyze and interpret logs from various sources.
Ability to perform threat research and analyze current threats.
Understanding of business email compromise (BEC) cases and investigation techniques.
Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.
This role is remote but requires the ability to travel on short notice to a client site up to 50%. Must maintain flexibility to travel frequently within 24-48 hours' notice for deployments typically 1-2 weeks in duration.
Business Responsibilities:
Maintain current knowledge of information security, incident response techniques, emerging threats, and tools.
Work independently and produce high-quality deliverables with minimal supervision.
Exhibit strong customer service and consulting skills.
Adhere to client and internal policies, procedures, and security practices.
Maintain detailed notes and draft updates and reports as required.
Remain calm, composed, and articulate in tough customer situations.
Exhibit excellent relationship management and communication skills.
Preferred Skills:
Understand obfuscation techniques used to conceal malicious commands and traffic, and lateral movement strategies employed by threat actors.
Familiarity with exfiltration techniques used by threat actors.
Knowledge of SIEM and SOAR solutions.
Experience with e-discovery tools and methodologies.
Proficiency in collecting and analyzing data from mobile devices/cell phones.
Industry certifications such as MCFE, ENCE, ACE, GCFA, GCIH, GNFA, GCFE or similar are a plus.
Compensation package includes a base salary, medical benefits and multiple bonus opportunities.
Cypfer is an equal opportunity employer. If you need accommodation during the interview process or beyond, please let us know. We celebrate our inclusive work environment and welcome applicants from all backgrounds and perspectives.
We thank you for your interest in joining the Cypfer team! While we welcome all applicants, only those selected for an interview will be contacted.
Full job record
| Job ID | dd574bab46c82ad9ec97e72f132ecd7fe28cc790 |
| Org ID | 24179b32-d6a3-412d-aea1-b03804766340 |
| Source ID | 9f43f633-7098-4d68-b509-7b5e7033b19f |
| Board ID | 9f43f633-7098-4d68-b509-7b5e7033b19f |
| Provider | bamboohr |
| Provider Job Key | 53 |
| Title | Digital Forensics and Incident Response (DFIR) Consultant |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | — |
| Department | Consulting |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | United States |
| Region | TX |
| City | Houston |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://cypfer.bamboohr.com/careers/53 |
| Apply URL | https://cypfer.bamboohr.com/careers/53 |
| First Seen At | 2026-05-30 05:59:36Z |
| Last Seen At | 2026-06-06 10:25:30Z |
| Last Checked At | 2026-06-06 10:25:30Z |
| Last Changed At | 2026-05-30 05:59:36Z |
| Inactive At | — |
| Source Posted At | 2024-06-18 00:00:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=cypfer/date=2026-06-06/2026-06-06T10-25-29-003Z-96305598f834038595fb8bb077c26ac180d31fff60ef31767456b63bf8d5d86e.json |
Event Fields
{
"content_hash": "091d1d74a40b0b029558cd114fb17f6895b1e0bfba2f802b203f32d39ddbaf4f",
"source_hash": "4f6d6648d657ebb53531921e252658c0d869365ba2f189bbbbdf0095193ac62f",
"last_changed_at": "2026-05-30T05:59:36.233Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "Houston, Texas, United States",
"city": "Houston",
"region": "TX",
"country": "United States",
"is_remote": true,
"confidence": 0.8
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T10:25:30.526Z",
"launch_scope": {
"reason": "bamboohr_production_catalog",
"included": true,
"location": {
"raw": "Houston, Texas, United States",
"city": "Houston",
"region": "TX",
"country": "United States",
"is_remote": true,
"confidence": 0.8
},
"countries": [
"United States"
]
},
"remote_policy": "remote",
"salary_period": null,
"workplace_type": "remote",
"salary_currency": null
}Extensions
{}Native Structured
{
"list_job": {
"id": "53",
"isRemote": null,
"location": {
"city": null,
"state": null
},
"atsLocation": {
"city": "Houston",
"state": "Texas",
"country": "United States",
"province": null
},
"departmentId": "18630",
"locationType": "1",
"jobOpeningName": "Digital Forensics and Incident Response (DFIR) Consultant ",
"departmentLabel": "Consulting",
"employmentStatusLabel": "Full-Time"
},
"detail_errors": [],
"detail_job_opening": {
"location": {
"city": null,
"state": null,
"postalCode": null,
"addressCountry": null
},
"datePosted": "2024-06-18",
"atsLocation": {
"city": "Houston",
"state": "Texas",
"country": "United States",
"countryId": "1"
},
"description": "<p>CYPFER is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, we consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Our team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses. </p>\n<p><br></p>\n<p><span style=\"font-size: 15px;\"><span style=\"font-weight: bold;\">Location:</span> </span></p>\n<ul>\n<li>We would prefer candidates to be located in one of the following: \n<ul>\n<li>Philadelphia, PA</li>\n<li>Houston, TX</li>\n</ul>\n</li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 15px;\"><span style=\"font-weight: bold;\">Core Responsibilities:</span> </span></p>\n<ul>\n<li><span style=\"font-size: 15px;\">Engage on behalf of CYPFER in incident response tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Assist with Windows forensics and triage to assess compromise and investigations. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Familiarity with malware analysis tools and methodologies. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Apply mitigation strategies and concepts to remediate identified threats. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Analyze triage collections/artifacts for indicators of compromise (IOCs) and potentially malicious activity. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Review logs from host systems and appliances to identify suspicious activities. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Collect forensic disk and memory images from physical and virtual endpoints and servers. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Understanding of an incident lifecycle and cyber-kill-chain. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Correlate events and build timelines of events. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Maintain current knowledge on emerging threats and vulnerabilities. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Analyze files for IOCs using various techniques. </span></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 15px;\"><span style=\"font-weight: bold;\">Technical Requirements:</span> </span></p>\n<ul>\n<li><span style=\"font-size: 15px;\">2+ years of experience in digital forensics, incident response, or a similar role. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Knowledge of Windows and Unix/Linux operating systems. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Understanding of the functionality of EDR / EPP technologies. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Familiarity with forensic acquisition and analysis of physical and virtual systems. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Working knowledge of storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Ability to analyze and interpret logs from various sources. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Ability to perform threat research and analyze current threats. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Understanding of business email compromise (BEC) cases and investigation techniques. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">This role is remote but requires the ability to travel on short notice to a client site up to 50%. Must maintain flexibility to travel frequently within 24-48 hours' notice for deployments typically 1-2 weeks in duration. </span></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 15px;\"><span style=\"font-weight: bold;\">Business Responsibilities:</span> </span></p>\n<ul>\n<li><span style=\"font-size: 15px;\">Maintain current knowledge of information security, incident response techniques, emerging threats, and tools. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Work independently and produce high-quality deliverables with minimal supervision. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Exhibit strong customer service and consulting skills. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Adhere to client and internal policies, procedures, and security practices. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Maintain detailed notes and draft updates and reports as required. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Remain calm, composed, and articulate in tough customer situations. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Exhibit excellent relationship management and communication skills. </span></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 15px;\"><span style=\"font-weight: bold;\">Preferred Skills:</span> </span></p>\n<ul>\n<li><span style=\"font-size: 15px;\">Understand obfuscation techniques used to conceal malicious commands and traffic, and lateral movement strategies employed by threat actors. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Familiarity with exfiltration techniques used by threat actors. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Knowledge of SIEM and SOAR solutions. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Experience with e-discovery tools and methodologies. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Proficiency in collecting and analyzing data from mobile devices/cell phones. </span></li>\n</ul>\n<ul>\n<li><span style=\"font-size: 15px;\">Industry certifications such as MCFE, ENCE, ACE, GCFA, GCIH, GNFA, GCFE or similar are a plus. </span></li>\n</ul>\n<p> </p>\n<p><span style=\"font-size: 15px;\">Compensation package includes a base salary, medical benefits and multiple bonus opportunities. </span></p>\n<p><br></p>\n<p><span style=\"font-size: 15px;\">Cypfer is an equal opportunity employer. If you need accommodation during the interview process or beyond, please let us know. We celebrate our inclusive work environment and welcome applicants from all backgrounds and perspectives. </span></p>\n<p><br></p>\n<p><span style=\"font-size: 15px;\">We thank you for your interest in joining the Cypfer team! While we welcome all applicants, only those selected for an interview will be contacted. </span></p>",
"compensation": null,
"departmentId": "18630",
"locationType": "1",
"seekPromoted": false,
"jobCategoryId": null,
"jobOpeningName": "Digital Forensics and Incident Response (DFIR) Consultant ",
"departmentLabel": "Consulting",
"jobOpeningStatus": "Open",
"minimumExperience": "Mid-level",
"jobOpeningShareUrl": "https://cypfer.bamboohr.com/careers/53",
"employmentStatusLabel": "Full-Time"
}
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/dd574bab46c82ad9ec97e72f132ecd7fe28cc790?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/24179b32-d6a3-412d-aea1-b03804766340JSONGET https://api.bluedoor.sh/job-postings/v1/sources/9f43f633-7098-4d68-b509-7b5e7033b19fJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/dd574bab46c82ad9ec97e72f132ecd7fe28cc790/eventsJSON