Principal DFIR Consultant

Role Overview

• Serve in the Oversight role on complex or high-severity engagements, reviewing findings before client calls, providing technical depth, anticipating client questions, and ensuring quality of analysis and deliverables.
• Step in as engagement Lead on the most complex or sensitive investigations (ransomware, APT, nation-state, insider threat), setting the standard for client communication and investigative rigor.
• Conduct advanced host forensics, network analysis, malware reverse engineering/triage, cloud forensics, threat actor attribution, and intelligence-driven investigation.
• Serve as a trusted surge resource for the team during high-volume periods, providing senior-level coverage across concurrent engagements.
• Design, document, and maintain DFIR investigation methodologies, playbooks, and SOPs that raise the quality floor for the entire practice.
• Actively mentor Senior Consultants and Analysts; provide guidance on technical challenges, client management, and professional development. Help develop the next generation of DFIR leads.
• Lead internal training sessions, write technical blog posts and research, document lessons learned, and contribute to the team's collective knowledge base.
• Identify gaps in current tooling and processes; design and build automation, scripts, or integrations that improve investigative efficiency across the team.
• Participate in candidate screening, technical interviews, and skills assessment to help build a high-quality team pipeline.
• Build deep, trusted relationships with key clients and stakeholders; serve as a credible senior voice during high-stakes incidents.
• Support pre-sales activities including technical scoping, proposal development, SOW review, and client presentations for DFIR, Compromise Assessment, and IR Advisory engagements.
• Represent GuidePoint Security externally through conference presentations, webinars, publications, and engagement with the broader DFIR community.

Requirements

• 8+ years of hands-on DFIR experience, including complex incident response and forensic investigations.
• 10+ combined years of IT and information security experience.
• Demonstrated experience in a Lead or senior technical role on high-severity engagements (ransomware, APT, nation-state, or insider threat).
• Expert-level proficiency across multiple DFIR disciplines: host forensics, network forensics, log analysis, malware triage, cloud IR, and BEC investigation.
• Exceptional written and verbal communication skills; ability to present complex technical findings to executive and legal audiences.
• Proven track record of mentoring and developing junior and mid-level technical staff.
• Experience developing or contributing to DFIR methodologies, playbooks, or tooling.

Tech Stack

• Cloud

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option