We are seeking a highly skilled Senior DFIR Specialist to lead and execute complex cybersecurity investigations and incident response activities across enterprise environments. This is a contract opportunity on an as-needed basis. This role is responsible for delivering end-to-end incident response, including forensic analysis, containment, eradication, recovery, and post-incident improvement. This is a contract role.

Key Responsibilities

- Conduct advanced forensic investigations across Windows environments, Oracle, and Linux systems, and enterprise platforms (Oracle applications, .NET, Microsoft 365 stack including Exchange, SharePoint, OneDrive)
- Perform (1) evidence acquisition (disk, memory, cloud artifacts), (2) volatile memory and disk analysis, and (3) log and telemetry correlation across endpoints and cloud systems
- Reconstruct attack timelines, including (1) initial access vector, (2) lateral movement, (3) privilege escalation, and (4) data exfiltration pathways
- Maintain strict chain-of-custody procedures and evidentiary standards
- Produce forensic reports suitable for legal, regulatory, and court proceedings
- Lead or support end-to-end incident response activities, including (1) triage and incident scoping, (2) threat containment strategies, and (3) root cause analysis
- Respond to incidents such as ransomware, malware infections, identity-based attacks, cloud security incidents, and business email compromise
- Design and execute containment strategies for (1) endpoint isolation, (2) account compromise mitigation, and (3) network segmentation
- Lead eradication efforts for (1) removal of persistence mechanisms and (2) credential resets and hardening
- Provide guidance on secure recovery practices and business continuity
- Support engagement strategies for threat actors (e.g., ransomware scenarios), including (1) advisory on negotiation approaches (if applicable), (2) coordination with legal, privacy, and executive stakeholders, and (3) assistance with regulatory and law enforcement coordination as required
- Deliver after-action reports (AARs) with (1) root cause findings, (2) gaps in detection and response, and (3) prioritized remediation recommendations
- Recommend improvements across (1) security controls, (2) logging and monitoring, and (3) incident response processes
- Contribute to development of (1) playbooks and runbooks and (2) detection rules and threat hunting hypotheses

Qualifications

- 5+ years in DFIR, cybersecurity operations, or threat investigation
- Demonstrated experience handling major incidents (e.g., ransomware, data breaches)
- Experience producing legally defensible forensic documentation
- Strong hands-on experience with:
  - Windows and Linux (Oracle Linux preferred) forensics
  - Enterprise cloud environments (Microsoft Azure / M365)
- Proficiency in:
  - Memory forensics (e.g., Volatility)
  - Log analysis and SIEM platforms

Certifications (Preferred)

- GCFA, GCIH, GNFA, CFCE, CISSP, OSCP, or equivalent

Senior Digital Forensics & Incident Response Consultant (Id#5314)
NEW VALUE SOLUTIONS
Winnipeg, Winnipeg
Published 28 days ago