Senior Director of Digital Forensics & Incident Response
Role details
Job location
Tech stack
Job description
The Senior Director of Digital Forensics & Incident Response (DFIR), reporting to the VP of Global Cyber Defense, is a strategic and operational leader responsible for building, scaling, and leading a global capability to detect, respond to, and investigate cyber incidents across the enterprise.
This leader will oversee a 24x7x365 Global Security Operations Center (GSOC), lead enterprise-wide incident response efforts, and drive forensic investigations supporting Legal, HR, Compliance, Privacy, and executive stakeholders, while ensuring alignment with regulatory, legal, and risk management requirements.
On a typical day you will:
Global SOC Leadership
- Lead and operate a 24x7x365 GSOC serving enterprise IT and OT environments.
- Define and execute the GSOC strategy, including partnering with detection engineering, automation, threat-intelligence integration, and continuous maturity improvement.
- Establish and monitor Service Level Agreements (SLAs), Key Performance Indicators (KPIs), Key Risk Indicators (KRIs)SLAs, KPIs, and operational metrics to ensure effective threat detection and response.
- Drive continuous improvement of advanced technologies (SIEM, SOAR, UEBA, XDR) to enhance visibility and reduce response times.
- Lead the global Digital Forensics and Incident Response (DFIR) program across a large, distributed enterprise environment.
- Define and execute a multi-year roadmap for incident response, digital forensics, cyber investigations, and insider risk capabilities.
- Build, mentor, and retain high-performing global teams across DFIR, DLP, and eDiscovery functions.
- Act as a senior advisor to executive leadership during major cyber incidents and crisis situations.
Incident Response & Cyber Operations
- Oversee the end-to-end incident response lifecycle including preparation, detection, analysis, containment, eradication, and recovery.
- Lead and continuously improve the GSOC.
- Establish and test cyber incident response playbooks, tabletop exercises, and crisis simulations.
- Drive threat-driven and intelligence-led response capabilities.
Digital Forensics & Investigations
- Lead advanced digital forensic investigations involving endpoints, cloud, identity systems, and network environments.
- Ensure forensic readiness, evidence preservation, and chain-of-custody standards are maintained.
- Partner with Legal, HR, and Compliance on internal investigations, litigation support, and eDiscovery efforts.
Data Protection & Insider Risk
- Oversee enterprise Data Loss Prevention (DLP) and insider risk programs, including policy design, monitoring, and enforcement.
- Leverage platforms such as Microsoft Purview and M365 security capabilities to protect sensitive data.
- Align DLP and insider risk initiatives with regulatory requirements and business objectives.
Vendor & Service Management
- Manage strategic relationships with Managed Security Service Providers (MSSPs) and digital forensics vendors.
- Establish and monitor SLAs, KPIs, and KRIs.
- Ensure vendors meet performance, quality, and compliance expectations.
Technology & Innovation
- Drive adoption and optimization of security technologies, including:
- Microsoft 365 Security & Compliance (Purview, Defender)
- Digital forensics tooling (e.g., EnCase, FTK, X-Ways, etc.)
- Endpoint Detection & Response (EDR/XDR)
- DLP solutions
- SASE and modern network security architecture
- Continuously evaluate emerging technologies to enhance detection, response, and investigative capabilities.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field
- Relevant certifications strongly preferred: CISSP, CISM, or equivalent, GIAC (e.g., GCFA, GCIH) or forensic certifications, eDiscovery or legal/forensic certifications a plus
- 15+ years of progressive experience in cybersecurity within a large, global enterprise environment
- Proven experience building and leading a GSOC and incident response program
- Deep expertise in: Incident Response (IR) & Cyber Crisis Management, Digital Forensics & Investigations, DLP & Insider Risk, and eDiscovery processes and technologies
- Experience managing and governing MSSPs
- Strong track record defining and managing SLAs, KPIs, and KRIs
- Strong hands-on or leadership familiarity with:
- Microsoft 365 / Microsoft Security ecosystem (Defender, Purview, Sentinel)
- EDR/XDR platforms (e.g., CrowdStrike, Microsoft Defender, etc.)
- Digital forensics tools and methodologies
- Cloud security (especially SaaS and hybrid environments)
- SASE / Zero Trust architectures
- Exceptional leadership, team-building, and mentoring capabilities
- Executive-level communication skills with the ability to translate technical issues into business risk
- Strong decision-making under pressure, particularly during live cyber incidents
- Ability to influence cross-functional stakeholders including Legal, Compliance, Privacy, and IT
Benefits & conditions
What we offer:
- We offer a 401(k) plan with a generous company match and an automatic retirement contribution for your future financial security from day one of your employment, you and your eligible dependents will receive comprehensive medical, prescription drug, dental, and vision coverage.
- Enjoy three weeks of paid vacation, along with paid company holidays
- We provide paid sick leave, employee assistance, and wellness incentive programs to support your well-being.
- Life insurance and disability coverage to protect you and your family.
- Voluntary benefits, including options for legal, pet, home, and auto insurance.
- We offer generous birth/adoption and parental leave benefits, as well as adoption assistance, to support growing families.
- Pursue your educational goals with our tuition reimbursement program.
- Recognize and be recognized! We celebrate service anniversaries and offer spot performance bonus opportunities to show our appreciation.
The salary range for this role is $198,000 - $250,000. This position will be eligible for an annual bonus targeted at 25%. We may ultimately pay more or less than the posted range, and the range may change in the future. Pay within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs.
If you live in a city, chances are we will give you a lift or play a role in keeping you moving every day.