We are seeking a highly skilled Senior DFIR Specialist to lead and execute complex cybersecurity investigations and incident response activities across enterprise environments. This is a contract opportunity on an as-needed basis. This role is responsible for delivering end-to-end incident response, including forensic analysis, containment, eradication, recovery, and post-incident improvement.

Key Responsibilities

Conduct advanced forensic investigations across Windows environments, Oracle, and Linux systems, and enterprise platforms (Oracle applications, .NET, and the Microsoft 365 stack, including Exchange, SharePoint, and OneDrive)
Perform (1) Evidence acquisition (disk, memory, cloud artifacts), (2) Volatile memory and disk analysis, and (3) Log and telemetry correlation across endpoints and cloud systems
Reconstruct attack timelines, including (1) Initial access vector, (2) Lateral movement, (3) Privilege escalation, and (4) Data exfiltration pathways
Maintain strict chain-of-custody procedures and evidentiary standards
Produce forensic reports suitable for legal, regulatory, and court proceedings
Lead or support end-to-end incident response activities, including (1) Triage and incident scoping, (2) Threat containment strategies, and (3) Root cause analysis
Respond to incidents such as ransomware, malware infections, identity-based attacks, cloud security incidents, and business email compromise
Design and execute containment strategies for (1) Endpoint isolation, (2) Account compromise mitigation, and (3) Network segmentation
Lead eradication efforts for (1) Removal of persistence mechanisms and (2) Credential resets and hardening
Provide guidance on secure recovery practices and business continuity
Support engagement strategies for threat actors (e.g., ransomware scenarios), including (1) Advisory on negotiation approaches (if applicable), (2) Coordination with legal, privacy, and executive stakeholders, and (3) Assistance with regulatory and law enforcement coordination as required
Deliver after-action reports (AARs) with (1) Root cause findings, (2) Gaps in detection and response, and (3) Prioritized remediation recommendations
Recommend improvements across (1) Security controls, (2) Logging and monitoring, and (3) Incident response processes
Contribute to development of (1) Playbooks and runbooks and (2) Detection rules and threat hunting hypotheses

Qualifications

5+ years in DFIR, cybersecurity operations, or threat investigation
Demonstrated experience handling major incidents (e.g., ransomware, data breaches)
Experience producing legally defensible forensic documentation
Strong hands-on experience with: Windows and Linux (Oracle Linux preferred) forensics; enterprise cloud environments (Microsoft Azure / M365)
Proficiency in: memory forensics (e.g., Volatility); log analysis and SIEM platforms

Certifications (Preferred)

GCFA, GCIH, GNFA, CFCE, CISSP, OSCP, or equivalent

Senior Digital Forensics & Incident Response Consultant (Id#5314)
NEW VALUE SOLUTIONS
Canada
Published 27 days ago